Home Man
Search
Today's Posts
Register

Tell your work related tech stories and share experiences here. Share your successes and failures and other "war stories" in this forum.

What arp -s is good for

Tags
war stories

Login to Reply

 
Thread Tools Search this Thread
# 8  
Old 10-24-2012
As I recall from my old network engineering days a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule. In this case, all the IP addresses on the network will respond for all interfaces configured and operational (and not blocking).
# 9  
Old 10-24-2012
It is on the same subnet.

Theoretically yes, broadcast ping should work, but many common operating systems and hardware bridges block or ignore broadcast ping -- or any ping -- as a matter of course now.

I can see how it could get the pinger's MAC into other people's ARP tables, but can't see see how broadcast ping gets other MAC's into my ARP table when they don't reply.
# 10  
Old 10-24-2012
They may reply with some nasty packet type other than echo response ICMP, like source quench!

If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache. Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
# 11  
Old 10-24-2012
Quote:
Originally Posted by DGPickett
If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache.
Swapped, sure, but that assumes a reply. No reply? No ARP entry.

Quote:
Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
I think it tracks all ARP, since it's asynchronous, and it's useful to know things you didn't necessarily ask for anyway. ARP poisoning attacks are possible.
# 12  
Old 10-24-2012
Swapped, well received, right.

I believe ARP entries are good for about 5 minutes (which fouls up IP failover strategies on very high uptime systems), so the list does not usualy get very long. I suppose a NIC with a promiscuous arp algorythm could collect ARP from packets not for you, if you are not segregated by a switch from all such traffic. Network is a very competitive arena.
# 13  
Old 10-24-2012
My memory was faulty, only some ARP packets are broadcasts, the requests, not the replies. You are correct.
# 14  
Old 10-24-2012
Quote:
Originally Posted by Neo
a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule.
True - still, this works only if network (the department, not the device) hasn't decided that every network connection, even one on the same subnet, has to go over a switch with firewall capabilities enabled (that is: each and every port blocked per default).

In my last project i had such a network, which is truly a PITA: you won't even get a ping from your default gateway back - but should manage HA-networks over that crap. Usually it took us 2-3 weeks to set up a cluster - 1 hour for installing and configuring it, the rest for filling out the forms required to get the various necessary ports opened in the firewall (which never worked right the first time).

bakunin

Last edited by bakunin; 10-24-2012 at 04:56 PM..
Login to Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
What is good? gitac What is on Your Mind? 6 09-18-2017 04:17 PM
Hrd in AIX 7.1 - what's it good for ? maraixadm AIX 2 06-23-2017 01:23 PM
Good Example on $| popeye Shell Programming and Scripting 1 12-30-2013 12:18 PM
Good day to all alwayslearning What is on Your Mind? 1 12-10-2008 08:49 AM
If there is anyone who is very good at AIX 5.1.. dilshik AIX 7 12-26-2003 11:40 PM


All times are GMT -4. The time now is 08:43 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
UNIX.COM Login
Username:
Password:  
Show Password