Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stuck ARP entries
Special Forums IP Networking Stuck ARP entries Post 302365939 by Corona688 on Wednesday 28th of October 2009 11:20:30 AM
Old 10-28-2009
Stuck ARP entries
About a week ago a customer hooked up a wireless router backwards to our network, causing it to serve incorrect DHCP addresses to some of them. Our networks are mostly statically assigned so this didn't cause as much damage as it might have, but now, over a week later, I still have incomplete 192.168.10.x entries stuck in the ARP table:
Code:
$ arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.20.27            ether   00:60:B3:20:71:32   C                     lan
192.168.20.36            ether   00:15:E9:84:E8:60   C                     lan
192.168.20.64            ether   00:22:5F:14:B4:75   C                     lan
192.168.10.101                   (incomplete)                              lan
192.168.20.33            ether   00:13:4F:00:A2:85   C                     lan
192.168.10.84                    (incomplete)                              lan
208.92.117.109           ether   00:80:AE:97:78:1F   C                     wan
192.168.10.65                    (incomplete)                              lan
192.168.20.46            ether   00:07:E9:BD:FB:79   C                     lan
192.168.10.90                    (incomplete)                              lan
192.168.20.130           ether   00:60:B3:07:10:16   C                     lan
192.168.20.21            ether   00:13:4F:00:40:85   C                     lan
192.168.10.88                    (incomplete)                              lan
192.168.20.43            ether   00:15:E9:32:C4:F1   C                     lan
192.168.20.14            ether   00:13:4F:00:64:FF   C                     lan
$

arp -d cannot delete the incomplete entries, and they won't go away. I suppose they're harmless but I'd get rid of them if I could. Is there any better way than a reboot?
 

10 More Discussions You Might Find Interesting

1. Solaris

ARP Cache

Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies

2. IP Networking

ARP Req Pkt

Does ARP Request packet Contains MAC Address of dest during broadcast? I found It So... When i captured ARP Req Pkts on ethereal... Rgds -Meti (1 Reply)
Discussion started by: ashokmeti
1 Replies

3. HP-UX

HW Address and arp

I was checking nettl output for a unstable telnet to my server. this is part of output: ### ***********************************STREAMS/UX*******************************@#% Timestamp : Sun Jun 22 EETDST 2008 22:14:47.492899 Process ID : Subsystem ... (4 Replies)
Discussion started by: xramm
4 Replies

4. Solaris

Printer Entries stuck "finished printing"

On Solaris 8, when I do a lpstat -o: I have tried cancel 140828p-16974, but the entries remain New prints to this printer and others work successfully. Can anyone suggest how to get rid of these entries. Thanks (2 Replies)
Discussion started by: pmm
2 Replies

5. Red Hat

Arp Problem

Dear All i have a linux proxy server which has RHEL-5 64 bit, it has two interfaces, it has the following details eth0=10.200.14.42 eth3=10.201.14.42 default gateway=10.201.14.254 one static route=192.168.0.0/24 gw 10.200.14.254 i am facing a problem when i ping 10.201.14.42 from... (2 Replies)
Discussion started by: surfer24
2 Replies

6. UNIX for Advanced & Expert Users

Monitoring the arp table

Man page of netlink says: --------------------------------- NETLINK_ARPD For managing the arp table in user space. ---------------------------------- Is it possible to monitor arp table using Netlink? or it's just for manipulating? (1 Reply)
Discussion started by: xyzt
1 Replies

7. UNIX for Advanced & Expert Users

arp questions

Can someone please explain this output to me. Why doesn't ifconfig show the same info? ~ $ arp -a ? (10.71.0.1) at 00:1b:21:2b:eb:0c on eth0 (4 Replies)
Discussion started by: cokedude
4 Replies

8. IP Networking

Protection against arp spoofing

Hi, I'm trying to find a way to protect my network against arp spoofing. What it is: An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker. How to protect myself: In my opinion, the best possible... (2 Replies)
Discussion started by: chrisperry
2 Replies

9. IP Networking

necessary ARP request?

Hello, I have 2 clients with Unix installed. host1: eth0 (192.168.5.10) & eth1 (192.168.10.10) host2: eth0 (192.168.10.20) I've connected host1-eth1 to host2-eth0. host1-eth0 isn't connected. I started 'tcpdump' on wonder that host2 got ARP requests for 192.168.5.10. Any idea why host1... (2 Replies)
Discussion started by: daWonderer
2 Replies

10. War Stories

What arp -s is good for

A customer appears to have drastically misunderstood our instructions for connecting to our WAN. He set his PC IP address to the same as one of the bridges. :mad: :wall: This caused much confusion on the network, to put it mildly. He called to complain about the poor performance of the network... (13 Replies)
Discussion started by: Corona688
13 Replies

LEARN ABOUT DEBIAN

lire::firewall::ipfilterdlfconverter

IpfilterDlfConverter(3pm)				  LogReport's Lire Documentation				 IpfilterDlfConverter(3pm)

NAME

       Lire::Firewall::IpfilterDlfConverter - convert ipf (ipmon) logs to firewall DLF

DESCRIPTION

       Lire::Firewall::IpfilterDlfConverter converts Ipfilter logs into firewall DLF format.  Input for this converter is the standard ipf syslog
       log file as produced by ipmon. IP Filter is shipped with FreeBSD, OpenBSD (up to 2.9) and some other OS's.

EXAMPLE

       A ipfilter logfile which looks like

	Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962	ie0 @0:9
	 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:40:24 rolle ipmon[16747]: 07:40:23.631307	ep1 @0:6
	 b 192.168.26.5,113 -> 192.168.26.1,3717 PR tcp len 20 40 -AR OUT
	Oct 30 07:42:29 rolle ipmon[16747]: 07:42:28.585962	ie0 @0:9
	 b 192.168.48.1,45085 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:44:11 rolle ipmon[16747]: 07:44:10.605416 2x	   ep1 @0:15
	 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257  IN
	Oct 30 07:44:34 rolle ipmon[16747]: 07:44:33.891869	ie0 @0:10
	 b 192.168.48.1,23406 -> 192.168.48.2,22 PR tcp len 20 64 -S OUT
	Oct 30 07:49:13 rolle ipmon[16747]: 07:49:12.554420	ep1 @0:15
	 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for
	 192.168.26.5,61915 - 210.132.100.117,53 PR udp len 20 23040 IN
	Oct 30 07:50:23 rolle ipmon[16747]: 07:50:22.908107	ep1 @0:15
	 b 210.132.100.117 -> 192.168.26.5 PR icmp len 20 56 icmp 3/3 for
	 192.168.26.5,4480 - 210.132.100.117,53 PR udp len 20 19712 IN
	Oct 30 07:56:11 rolle ipmon[16747]: 07:56:11.113029 2x	   ep1 @0:15
	 b 192.168.26.1,138 -> 192.168.26.255,138 PR udp len 20 257  IN

       (that's: .... 'PR' protocol 'len' length_of_ip_headers_saved packetlength direction) will get converted to something like

	994398737 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.2 - 56
	994398861 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.1 - 56
	994398862 denied igmp 100.187.115.1 - ep1 LIRE_NOTAVAIL 
	 224.0.0.2 - 56
	994406849 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 116
	994406850 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 116
	994406866 denied udp 192.168.26.4 137 ie0 LIRE_NOTAVAIL 
	 192.168.26.255 137 98

SEE ALSO

       ipl(4) for description of log structure.

       The ipmon.c source (e.g. on

	http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ 
	 src/usr.sbin/ipmon/Attic/ipmon.c?rev=1.27& 
	 content-type=text/plain&hideattic=0

       ) for the specification of the log syntax.

       The IP Filter webpage on http://coombs.anu.edu.au/~avalon/ip-filter.html

AUTHOR

       Joost van Baal <joostvb@logreport.org>, Wessel Dankers <wsl@logreport.org>

VERSION

       $Id: IpfilterDlfConverter.pm,v 1.7 2009/03/15 08:10:55 vanbaal Exp $

COPYRIGHT

       Copyright (C) 2001-2003 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1							    2009-03-15						 IpfilterDlfConverter(3pm)
All times are GMT -4. The time now is 04:06 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy