👤
Home Man
Search
Today's Posts
Register

Tell your work related tech stories and share experiences here. Share your successes and failures and other "war stories" in this forum.

What arp -s is good for

👤 Login to reply

 
Thread Tools Search this Thread
# 8  
Old 10-24-2012
As I recall from my old network engineering days a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule. In this case, all the IP addresses on the network will respond for all interfaces configured and operational (and not blocking).
# 9  
Old 10-24-2012
It is on the same subnet.

Theoretically yes, broadcast ping should work, but many common operating systems and hardware bridges block or ignore broadcast ping -- or any ping -- as a matter of course now.

I can see how it could get the pinger's MAC into other people's ARP tables, but can't see see how broadcast ping gets other MAC's into my ARP table when they don't reply.
# 10  
Old 10-24-2012
They may reply with some nasty packet type other than echo response ICMP, like source quench!

If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache. Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
# 11  
Old 10-24-2012
Quote:
Originally Posted by DGPickett
If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache.
Swapped, sure, but that assumes a reply. No reply? No ARP entry.

Quote:
Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
I think it tracks all ARP, since it's asynchronous, and it's useful to know things you didn't necessarily ask for anyway. ARP poisoning attacks are possible.
# 12  
Old 10-24-2012
Swapped, well received, right.

I believe ARP entries are good for about 5 minutes (which fouls up IP failover strategies on very high uptime systems), so the list does not usualy get very long. I suppose a NIC with a promiscuous arp algorythm could collect ARP from packets not for you, if you are not segregated by a switch from all such traffic. Network is a very competitive arena.
# 13  
Old 10-24-2012
My memory was faulty, only some ARP packets are broadcasts, the requests, not the replies. You are correct.
# 14  
Old 10-24-2012
Quote:
Originally Posted by Neo
a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule.
True - still, this works only if network (the department, not the device) hasn't decided that every network connection, even one on the same subnet, has to go over a switch with firewall capabilities enabled (that is: each and every port blocked per default).

In my last project i had such a network, which is truly a PITA: you won't even get a ping from your default gateway back - but should manage HA-networks over that crap. Usually it took us 2-3 weeks to set up a cluster - 1 hour for installing and configuring it, the rest for filling out the forms required to get the various necessary ports opened in the firewall (which never worked right the first time).

bakunin

Last edited by bakunin; 10-24-2012 at 04:56 PM..
👤 Login to reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
necessary ARP request? daWonderer IP Networking 2 03-04-2012 05:11 AM
Protection against arp spoofing chrisperry IP Networking 2 01-02-2012 07:05 PM
arp questions cokedude UNIX for Advanced & Expert Users 4 09-06-2011 07:56 PM
Arp Problem surfer24 Red Hat 2 09-02-2009 12:02 AM
HW Address and arp xramm HP-UX 4 07-26-2008 11:45 AM
ARP Req Pkt ashokmeti IP Networking 1 01-30-2008 08:00 AM
ARP Cache earlysame55 Solaris 7 06-30-2007 10:35 PM
Proxy ARP Difficulties TheMaskedMan IP Networking 7 11-02-2005 09:14 AM
multiple arp replies Rakesh Ranjan IP Networking 2 08-30-2005 12:28 PM
ARP address resoluton ManishSaxena Security 1 05-06-2002 07:56 AM


All times are GMT -4. The time now is 11:01 PM.

Unix & Linux Forums Content Copyright©1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?