Today (Saturday) We will make some minor tuning adjustments to MySQL.

You may experience 2 up to 10 seconds "glitch time" when we restart MySQL. We expect to make these adjustments around 1AM Eastern Daylight Saving Time (EDT) US.


What arp -s is good for


Login or Register to Reply

 
Thread Tools Search this Thread
# 1  
What arp -s is good for

A customer appears to have drastically misunderstood our instructions for connecting to our WAN. He set his PC IP address to the same as one of the bridges. Smilie Smilie This caused much confusion on the network, to put it mildly. He called to complain about the poor performance of the network he ruined, then made himself unavailable for phone calls so it couldn't be fixed.

Even blocking his MAC address didn't help. The bridging problem happens in midair, nowhere the server can control. If I could at least get into the bridge, I could reconfigure it to a different IP and allow traffic again...

So, on the server, I tried this:

Code:
arp -d 192.168.6.101 ; arp -s 192.168.6.101 00:60:b3:07:0e:8e

This succeeded in forcing the server to talk to the bridge, not to him. I was then able to get into the bridge's web interface and change its IP from there. From there it was easy.
These 5 Users Gave Thanks to Corona688 For This Post:
# 2  
Best put him on his own firewall! Smilie

You can do neat things with arp. You can set a host to be arp server and have it direct packets to a host that actually knows how to get to the IP, sort of like a local routing table addition for the collision domain.
# 3  
Often you can ping the broadcast address and the duplicate IP addresses will show up in the reply.
These 2 Users Gave Thanks to Neo For This Post:
# 4  
Modifying the arp cache was a clever trick. I wouldn't have thought of that.

(Now, of course, should this problem arise, i will gladly pull it out of my memory with a grin and a bored "well, that was obvious, wasn't it" to my colleagues ...) ;-)

bakunin
This User Gave Thanks to bakunin For This Post:
# 5  
For monitoring and notification of arp events, arpwatch can be useful.

Quote:
Originally Posted by bakunin
Modifying the arp cache was a clever trick. I wouldn't have thought of that.

(Now, of course, should this problem arise, i will gladly pull it out of my memory with a grin and a bored "well, that was obvious, wasn't it" to my colleagues ...) ;-)
If you're interested in reading more about this scenario, "arp poisoning" and "arp spoofing" would be the most relevant search terms.

Regards,
Alister
# 6  
Quote:
Originally Posted by Neo
Often you can ping the broadcast address and the duplicate IP addresses will show up in the reply.
There's absolutely nothing on my network that answers a ping broadcast -- perhaps because of the wireless bridge -- and increasingly many things these days never bother answering ping at all. Smilie Engineers seem to be forgetting why ICMP exists. I don't like it, but if the equipment isn't my own, I have to live with it.

Equipment can't block or ignore ARP and still function on a local network though, so I've got the arping tool installed standard everywhere. That's how I tracked down the dup. arping2 -d -i lan 192.168.6.101 Note that without the -d, it won't show dups.

Last edited by Corona688; 10-24-2012 at 12:38 PM..
# 7  
Well, a ping to broadcast (allowing a large number of responses) might at least generate some additional arp cache entries, which you can peruse.
Login or Register to Reply

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
necessary ARP request?
daWonderer
Hello, I have 2 clients with Unix installed. host1: eth0 (192.168.5.10) & eth1 (192.168.10.10) host2: eth0 (192.168.10.20) I've connected host1-eth1 to host2-eth0. host1-eth0 isn't connected. I started 'tcpdump' on wonder that host2 got ARP requests for 192.168.5.10. Any idea why host1...... IP Networking
2
IP Networking
arp questions
cokedude
Can someone please explain this output to me. Why doesn't ifconfig show the same info? ~ $ arp -a ? (10.71.0.1) at 00:1b:21:2b:eb:0c on eth0... UNIX for Advanced & Expert Users
4
UNIX for Advanced & Expert Users
Arp Problem
surfer24
Dear All i have a linux proxy server which has RHEL-5 64 bit, it has two interfaces, it has the following details eth0=10.200.14.42 eth3=10.201.14.42 default gateway=10.201.14.254 one static route=192.168.0.0/24 gw 10.200.14.254 i am facing a problem when i ping 10.201.14.42 from...... Red Hat
2
Red Hat
HW Address and arp
xramm
I was checking nettl output for a unstable telnet to my server. this is part of output: ### ***********************************STREAMS/UX*******************************@#% Timestamp : Sun Jun 22 EETDST 2008 22:14:47.492899 Process ID : Subsystem ...... HP-UX
4
HP-UX
ARP Cache
earlysame55
Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down itís services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update...... Solaris
7
Solaris

Featured Tech Videos