Manipulate the Linux ARP Cache in C: Post 302344800 by imij on Monday 17th of August 2009 03:48:26 PM
The Goal

I'm able to analyze every field of the ARP frame that I capture, but not to prevent the malicious frame from taking effect on the cache, because I can't stop the kernel.

So, how can I do that? How could I check the frame and, if it's a valid one, THEN apply it to the cache, just before the kernel does it?


I have no room to speak here, and will most likely get bashed to death.

However, what the goal here seems to be is: intercept packets before they get to the cache, and qualify them as malicious or non-malicious.

So wouldn't a good firewall do this??
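
The "qualify them as malicious or non-malicious" step discussed above, sketched as an added example that is not part of the original posts: a C function that checks a captured Ethernet/ARP frame for well-formedness, for agreement between the Ethernet source and the ARP sender MAC, and against one pinned IP-to-MAC binding. The binding, the function names and the sample frames are constructed for illustration; the function only classifies a frame and does not by itself keep the kernel from processing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum arp_verdict { ARP_OK, ARP_MALFORMED, ARP_SRC_MISMATCH, ARP_BINDING_CONFLICT };

/* Constructed sample data: a pinned gateway binding and an unrelated host MAC. */
static const uint8_t GW_IP[4] = {192, 168, 1, 1};
static const uint8_t GW_MAC[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t OTHER_MAC[6] = {0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};

/* f: 14-byte Ethernet header followed by a 28-byte IPv4-over-Ethernet ARP body. */
enum arp_verdict check_arp_frame(const uint8_t *f, size_t len)
{
    static const uint8_t fixed[6] = {0x00, 0x01, 0x08, 0x00, 6, 4}; /* htype, ptype, hlen, plen */
    if (len < 42 || f[12] != 0x08 || f[13] != 0x06)   /* too short or EtherType != ARP */
        return ARP_MALFORMED;
    const uint8_t *arp = f + 14, *sha = arp + 8, *spa = arp + 14;
    if (memcmp(arp, fixed, 6) != 0 || arp[6] != 0 || (arp[7] != 1 && arp[7] != 2))
        return ARP_MALFORMED;                          /* opcode must be request or reply */
    if (memcmp(f + 6, sha, 6) != 0)                    /* Ethernet source vs. ARP sender MAC */
        return ARP_SRC_MISMATCH;
    if (memcmp(spa, GW_IP, 4) == 0 && memcmp(sha, GW_MAC, 6) != 0)
        return ARP_BINDING_CONFLICT;                   /* pinned IP claimed by another MAC */
    return ARP_OK;
}

/* Build a constructed ARP reply to the broadcast address and classify it. */
enum arp_verdict verdict_for(const uint8_t eth_src[6], const uint8_t sha[6], const uint8_t spa[4])
{
    uint8_t f[42] = {0};
    memset(f, 0xff, 6);                  /* Ethernet destination: broadcast */
    memcpy(f + 6, eth_src, 6);           /* Ethernet source */
    f[12] = 0x08; f[13] = 0x06;          /* EtherType ARP */
    f[15] = 1; f[16] = 0x08; f[18] = 6; f[19] = 4; f[21] = 2;  /* ARP header, op = reply */
    memcpy(f + 22, sha, 6);              /* sender hardware address */
    memcpy(f + 28, spa, 4);              /* sender protocol address */
    return check_arp_frame(f, sizeof f);
}

int main(void)
{
    printf("genuine gateway reply:  %d\n", verdict_for(GW_MAC, GW_MAC, GW_IP));
    printf("gateway IP, other MAC:  %d\n", verdict_for(OTHER_MAC, OTHER_MAC, GW_IP));
    printf("sender MAC != eth src:  %d\n", verdict_for(OTHER_MAC, GW_MAC, GW_IP));
    return 0;
}
```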
 
