Unix/Linux Go Back    


War Stories Tell your work related tech stories and share experiences here. Share your successes and failures and other "war stories" in this forum.

What arp -s is good for

War Stories


Closed    
 
Thread Tools Search this Thread Display Modes
    #8  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
Neo's Unix or Linux Image
Neo Neo is offline Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 22 May 2018, 12:17 PM EDT
Location: Asia pacific region
Posts: 14,368
Thanks: 994
Thanked 1,369 Times in 652 Posts
As I recall from my old network engineering days a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule. In this case, all the IP addresses on the network will respond for all interfaces configured and operational (and not blocking).
Sponsored Links
    #9  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 22 May 2018, 3:03 PM EDT
Location: Saskatchewan
Posts: 22,674
Thanks: 1,177
Thanked 4,321 Times in 3,984 Posts
It is on the same subnet.

Theoretically yes, broadcast ping should work, but many common operating systems and hardware bridges block or ignore broadcast ping -- or any ping -- as a matter of course now.

I can see how it could get the pinger's MAC into other people's ARP tables, but can't see see how broadcast ping gets other MAC's into my ARP table when they don't reply.
Sponsored Links
    #10  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
DGPickett's Unix or Linux Image
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks: 8
Thanked 588 Times in 561 Posts
They may reply with some nasty packet type other than echo response ICMP, like source quench!

If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache. Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
    #11  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 22 May 2018, 3:03 PM EDT
Location: Saskatchewan
Posts: 22,674
Thanks: 1,177
Thanked 4,321 Times in 3,984 Posts
Quote:
Originally Posted by DGPickett View Post
If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache.
Swapped, sure, but that assumes a reply. No reply? No ARP entry.

Quote:
Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
I think it tracks all ARP, since it's asynchronous, and it's useful to know things you didn't necessarily ask for anyway. ARP poisoning attacks are possible.
Sponsored Links
    #12  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
DGPickett's Unix or Linux Image
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks: 8
Thanked 588 Times in 561 Posts
Swapped, well received, right.

I believe ARP entries are good for about 5 minutes (which fouls up IP failover strategies on very high uptime systems), so the list does not usualy get very long. I suppose a NIC with a promiscuous arp algorythm could collect ARP from packets not for you, if you are not segregated by a switch from all such traffic. Network is a very competitive arena.
Sponsored Links
    #13  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 22 May 2018, 3:03 PM EDT
Location: Saskatchewan
Posts: 22,674
Thanks: 1,177
Thanked 4,321 Times in 3,984 Posts
My memory was faulty, only some ARP packets are broadcasts, the requests, not the replies. You are correct.
Sponsored Links
    #14  
Old Unix and Linux 10-24-2012   -   Original Discussion by Corona688
bakunin's Unix or Linux Image
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 22 May 2018, 6:10 PM EDT
Location: In the leftmost byte of /dev/kmem
Posts: 5,764
Thanks: 112
Thanked 1,682 Times in 1,235 Posts
Quote:
Originally Posted by Neo View Post
a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule.
True - still, this works only if network (the department, not the device) hasn't decided that every network connection, even one on the same subnet, has to go over a switch with firewall capabilities enabled (that is: each and every port blocked per default).

In my last project i had such a network, which is truly a PITA: you won't even get a ping from your default gateway back - but should manage HA-networks over that crap. Usually it took us 2-3 weeks to set up a cluster - 1 hour for installing and configuring it, the rest for filling out the forms required to get the various necessary ports opened in the firewall (which never worked right the first time).

bakunin

Last edited by bakunin; 10-24-2012 at 04:56 PM..
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
If there is anyone who is very good at AIX 5.1.. dilshik AIX 7 12-26-2003 11:40 PM



All times are GMT -4. The time now is 07:27 PM.