What arp -s is good for


 
Thread Tools Search this Thread
The Lounge War Stories What arp -s is good for
# 8  
Old 10-24-2012
As I recall from my old network engineering days a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule. In this case, all the IP addresses on the network will respond for all interfaces configured and operational (and not blocking).
# 9  
Old 10-24-2012
It is on the same subnet.

Theoretically yes, broadcast ping should work, but many common operating systems and hardware bridges block or ignore broadcast ping -- or any ping -- as a matter of course now.

I can see how it could get the pinger's MAC into other people's ARP tables, but can't see see how broadcast ping gets other MAC's into my ARP table when they don't reply.
# 10  
Old 10-24-2012
They may reply with some nasty packet type other than echo response ICMP, like source quench!

If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache. Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
# 11  
Old 10-24-2012
Quote:
Originally Posted by DGPickett
If they have ever swapped any sort of IP packet with you, I would think it will be in your arp cache.
Swapped, sure, but that assumes a reply. No reply? No ARP entry.

Quote:
Does ARP cache hold everything that arrives on your stack, or just arp responses for arp you initiated? Is there an arp cache poisoning attack?
I think it tracks all ARP, since it's asynchronous, and it's useful to know things you didn't necessarily ask for anyway. ARP poisoning attacks are possible.
# 12  
Old 10-24-2012
Swapped, well received, right.

I believe ARP entries are good for about 5 minutes (which fouls up IP failover strategies on very high uptime systems), so the list does not usualy get very long. I suppose a NIC with a promiscuous arp algorythm could collect ARP from packets not for you, if you are not segregated by a switch from all such traffic. Network is a very competitive arena.
# 13  
Old 10-24-2012
My memory was faulty, only some ARP packets are broadcasts, the requests, not the replies. You are correct.
# 14  
Old 10-24-2012
Quote:
Originally Posted by Neo
a ping to a broadcast address should be done on the same subnet as the broadcast address, as a general rule.
True - still, this works only if network (the department, not the device) hasn't decided that every network connection, even one on the same subnet, has to go over a switch with firewall capabilities enabled (that is: each and every port blocked per default).

In my last project i had such a network, which is truly a PITA: you won't even get a ping from your default gateway back - but should manage HA-networks over that crap. Usually it took us 2-3 weeks to set up a cluster - 1 hour for installing and configuring it, the rest for filling out the forms required to get the various necessary ports opened in the firewall (which never worked right the first time).

bakunin

Last edited by bakunin; 10-24-2012 at 05:56 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. IP Networking

necessary ARP request?

Hello, I have 2 clients with Unix installed. host1: eth0 (192.168.5.10) & eth1 (192.168.10.10) host2: eth0 (192.168.10.20) I've connected host1-eth1 to host2-eth0. host1-eth0 isn't connected. I started 'tcpdump' on wonder that host2 got ARP requests for 192.168.5.10. Any idea why host1... (2 Replies)
Discussion started by: daWonderer
2 Replies

2. IP Networking

Protection against arp spoofing

Hi, I'm trying to find a way to protect my network against arp spoofing. What it is: An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker. How to protect myself: In my opinion, the best possible... (2 Replies)
Discussion started by: chrisperry
2 Replies

3. UNIX for Advanced & Expert Users

arp questions

Can someone please explain this output to me. Why doesn't ifconfig show the same info? ~ $ arp -a ? (10.71.0.1) at 00:1b:21:2b:eb:0c on eth0 (4 Replies)
Discussion started by: cokedude
4 Replies

4. IP Networking

Stuck ARP entries

About a week ago a customer hooked up a wireless router backwards to our network, causing it to serve incorrect DHCP addresses to some of them. Our networks are mostly statically assigned so this didn't cause as much damage as it might have, but now, over a week later, I still have incomplete... (1 Reply)
Discussion started by: Corona688
1 Replies

5. Red Hat

Arp Problem

Dear All i have a linux proxy server which has RHEL-5 64 bit, it has two interfaces, it has the following details eth0=10.200.14.42 eth3=10.201.14.42 default gateway=10.201.14.254 one static route=192.168.0.0/24 gw 10.200.14.254 i am facing a problem when i ping 10.201.14.42 from... (2 Replies)
Discussion started by: surfer24
2 Replies

6. IP Networking

arp output (flags)

I'm running an arp -an on a Solaris 10 box. We're using IPMP. One of the systems is not able to see a host on the same network. The only difference between the two systems (one is having a problem, the other isn't) at least so far is the output of arp: # arp -an | grep 224.55 e1000g5... (1 Reply)
Discussion started by: BOFH
1 Replies

7. HP-UX

HW Address and arp

I was checking nettl output for a unstable telnet to my server. this is part of output: ### ***********************************STREAMS/UX*******************************@#% Timestamp : Sun Jun 22 EETDST 2008 22:14:47.492899 Process ID : Subsystem ... (4 Replies)
Discussion started by: xramm
4 Replies

8. IP Networking

ARP Req Pkt

Does ARP Request packet Contains MAC Address of dest during broadcast? I found It So... When i captured ARP Req Pkts on ethereal... Rgds -Meti (1 Reply)
Discussion started by: ashokmeti
1 Replies

9. Solaris

ARP Cache

Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies

10. Cybersecurity

ARP address resoluton

How does ARP take care of uniqueness of physical addresses? How does an ISP allocate a MAC address when I do not have an NIC( Network interface Card)? (1 Reply)
Discussion started by: ManishSaxena
1 Replies
Login or Register to Ask a Question