"What arp -s is good for"

Post #302720521 by alister on Wednesday 24th of October 2012 10:36:55 AM

Full Discussion: What arp -s is good for
For monitoring and notification of arp events, arpwatch can be useful.

Originally Posted by bakunin
Modifying the arp cache was a clever trick. I wouldn't have thought of that.

(Now, of course, should this problem arise, i will gladly pull it out of my memory with a grin and a bored "well, that was obvious, wasn't it" to my colleagues ...) ;-)
If you're interested in reading more about this scenario, "arp poisoning" and "arp spoofing" would be the most relevant search terms.


10 More Discussions You Might Find Interesting

1. Cybersecurity

ARP address resoluton

How does ARP take care of uniqueness of physical addresses? How does an ISP allocate a MAC address when I do not have an NIC( Network interface Card)? (1 Reply)
Discussion started by: ManishSaxena
1 Replies

2. Solaris

ARP Cache

Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down itís services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies

3. IP Networking

ARP Req Pkt

Does ARP Request packet Contains MAC Address of dest during broadcast? I found It So... When i captured ARP Req Pkts on ethereal... Rgds -Meti (1 Reply)
Discussion started by: ashokmeti
1 Replies

4. HP-UX

HW Address and arp

I was checking nettl output for a unstable telnet to my server. this is part of output: ### ***********************************STREAMS/UX*******************************@#% Timestamp : Sun Jun 22 EETDST 2008 22:14:47.492899 Process ID : Subsystem ... (4 Replies)
Discussion started by: xramm
4 Replies

5. IP Networking

Modifying ARP frames

Hi All, Is there any way to modify or filter the ARP frames?? thanks! (2 Replies)
Discussion started by: lagigliaivan
2 Replies

6. IP Networking

arp output (flags)

I'm running an arp -an on a Solaris 10 box. We're using IPMP. One of the systems is not able to see a host on the same network. The only difference between the two systems (one is having a problem, the other isn't) at least so far is the output of arp: # arp -an | grep 224.55 e1000g5... (1 Reply)
Discussion started by: BOFH
1 Replies

7. Red Hat

Arp Problem

Dear All i have a linux proxy server which has RHEL-5 64 bit, it has two interfaces, it has the following details eth0= eth3= default gateway= one static route= gw i am facing a problem when i ping from... (2 Replies)
Discussion started by: surfer24
2 Replies

8. UNIX for Advanced & Expert Users

Monitoring the arp table

Man page of netlink says: --------------------------------- NETLINK_ARPD For managing the arp table in user space. ---------------------------------- Is it possible to monitor arp table using Netlink? or it's just for manipulating? (1 Reply)
Discussion started by: xyzt
1 Replies

9. UNIX for Advanced & Expert Users

arp questions

Can someone please explain this output to me. Why doesn't ifconfig show the same info? ~ $ arp -a ? ( at 00:1b:21:2b:eb:0c on eth0 (4 Replies)
Discussion started by: cokedude
4 Replies

10. IP Networking

necessary ARP request?

Hello, I have 2 clients with Unix installed. host1: eth0 ( & eth1 ( host2: eth0 ( I've connected host1-eth1 to host2-eth0. host1-eth0 isn't connected. I started 'tcpdump' on wonder that host2 got ARP requests for Any idea why host1... (2 Replies)
Discussion started by: daWonderer
2 Replies
ARP-FINGERPRINT(1)					      General Commands Manual						ARP-FINGERPRINT(1)

arp-fingerprint - Fingerprint a system using ARP SYNOPSIS
arp-fingerprint [options] target The target should be specified as a single IP address or hostname. You cannot specify multiple targets, IP networks or ranges. If you use an IP address for the target, you can use the -o option to pass the --numeric option to arp-scan, which will prevent it from attempting DNS lookups. This can speed up the fingerprinting process, especially on systems with a slow or faulty DNS configuration. DESCRIPTION
arp-fingerprint fingerprints the specified target host using the ARP protocol. It sends various different types of ARP request to the target, and records which types it responds to. From this, it constructs a finger- print string consisting of "1" where the target responded and "0" where it did not. An example of a fingerprint string is 01000100000. This fingerprint string is then used to lookup the likely target operating system. Many of the fingerprint strings are shared by several operating systems, so there is not always a one-to-one mapping between fingerprint strings and operating systems. Also the fact that a system's fingerprint matches a certain operating system (or list of operating systems) does not necessarily mean that the system being fingerprinted is that operating system, although it is quite likely. This is because the list of operating systems is not exhaustive; it is just what I have discovered to date, and there are bound to be operating systems that are not listed. The ARP fingerprint of a system is generally a function of that system's kernel (although it is possible for the ARP function to be imple- mented in user space, it almost never is). Sometimes, an operating system can give different fingerprints depending on the configuration. An example is Linux, which will respond to a non-local source IP address if that IP is routed through the interface being tested. This is both good and bad: on one hand it makes the fingerprinting task more complex; but on the other, it can allow some aspects of the system configuration to be determined. Sometimes the fact that two different operating systems share a common ARP fingerprint string points to a re-use of networking code. One example of this is Windows NT and FreeBSD. arp-fingerprint uses arp-scan to send the ARP requests and receive the replies. There are other methods that can be used to fingerprint a system using arp-scan which can be used in addition to arp-fingerprint. These additional methods are not included in arp-fingerprint either because they are likely to cause disruption to the target system, or because they require knowledge of the target's configuration that may not always be available. arp-fingerprint is still being developed, and the results should not be relied on. As most of the ARP requests that it sends are non-stan- dard, it is possible that it may disrupt some systems, so caution is advised. If you find a system that arp-fingerprint reports as UNKNOWN, and you know what operating system it is running, could you please send details of the operating system and fingerprint to arp-scan@nta-monitor.com so I can include it in future versions. Please include the exact version of the operating system if you know it, as fingerprints sometimes change between versions. OPTIONS
-h Display a brief usage message and exit. -v Display verbose progress messages. -o <option-string> Pass specified options to arp-scan. You need to enclose the options string in quotes if it contains spaces. e.g. -o "-I eth1". The commonly used options are --interface (-I) and --numeric (-N). EXAMPLES
$ arp-fingerprint 01000100000 Linux 2.2, 2.4, 2.6 $ arp-fingerprint -o "-N -I eth1" 11110100000 FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003 NOTES
arp-fingerprint is implemented in Perl, so you need to have the Perl interpreter installed on your system to use it. AUTHOR
Roy Hills <Roy.Hills@nta-monitor.com> SEE ALSO
arp-scan(1) http://www.nta-monitor.com/wiki/ The arp-scan wiki page. April 5, 2007 ARP-FINGERPRINT(1)

Featured Tech Videos

All times are GMT -4. The time now is 09:29 PM.
Unix & Linux Forums Content Copyright 1993-2019. All Rights Reserved.
Privacy Policy