442 lines
7.8 KiB
HTML
442 lines
7.8 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Checking the ARP Tables</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Configuring TCP/IP Networking"
|
|
HREF="x-087-2-iface.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="The netstat Command"
|
|
HREF="x-087-2-iface.netstat.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Name Service and Resolver Configuration"
|
|
HREF="x-087-2-resolv.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-iface.netstat.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 5. Configuring TCP/IP Networking</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-resolv.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="X-087-2-IFACE.VERIFY.ARP"
|
|
>5.10. Checking the ARP Tables</A
|
|
></H1
|
|
><P
|
|
>On some occasions, it is useful to view or alter the contents of the
|
|
kernel's ARP tables, for example when you suspect a duplicate Internet
|
|
address is the cause for some intermittent network problem. The
|
|
<B
|
|
CLASS="COMMAND"
|
|
>arp</B
|
|
> tool was made for situations like this. Its
|
|
command-line options are:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>arp [-v] [-t <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hwtype</I
|
|
></TT
|
|
>] -a [<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
>]
|
|
arp [-v] [-t <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hwtype</I
|
|
></TT
|
|
>] -s <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
> <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hwaddr</I
|
|
></TT
|
|
>
|
|
arp [-v] -d <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
> [<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
>…]</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>All <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
> arguments may be either symbolic
|
|
hostnames or IP addresses in dotted quad notation.</P
|
|
><P
|
|
>The first invocation displays the ARP entry for the IP address or host
|
|
specified, or all hosts known if no <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
> is
|
|
given. For example, invoking <B
|
|
CLASS="COMMAND"
|
|
>arp</B
|
|
> on
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> may yield:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>arp -a</B
|
|
></TT
|
|
>
|
|
IP address HW type HW address
|
|
172.16.1.3 10Mbps Ethernet 00:00:C0:5A:42:C1
|
|
172.16.1.2 10Mbps Ethernet 00:00:C0:90:B3:42
|
|
172.16.2.4 10Mbps Ethernet 00:00:C0:04:69:AA</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>which shows the Ethernet addresses of
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
>,
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vstout</SPAN
|
|
> and
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vale</SPAN
|
|
>.</P
|
|
><P
|
|
>You can limit the display to the hardware type specified using the
|
|
<TT
|
|
CLASS="OPTION"
|
|
>–t</TT
|
|
> option. This may be <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>ether</SPAN
|
|
>, <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>ax25</SPAN
|
|
>, or <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>pronet</SPAN
|
|
>, standing for 10 Mbps Ethernet;
|
|
AMPR AX.25, and IEEE 802.5 token ring equipment, respectively.</P
|
|
><P
|
|
>The <TT
|
|
CLASS="OPTION"
|
|
>–s</TT
|
|
> option is used to permanently add
|
|
<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hostname</I
|
|
></TT
|
|
>'s Ethernet address to the ARP
|
|
tables. The <TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>hwaddr</I
|
|
></TT
|
|
> argument specifies the
|
|
hardware address, which is by default expected to be an Ethernet
|
|
address specified as six hexadecimal bytes separated by colons. You
|
|
may also set the hardware address for other types of hardware, using
|
|
the <TT
|
|
CLASS="OPTION"
|
|
>–t</TT
|
|
> option.</P
|
|
><P
|
|
>For some reason, ARP queries for the remote host sometimes fail, for
|
|
instance when its ARP driver is buggy or there is another host in the
|
|
network that erroneously identifies itself with that host's IP
|
|
address; this problem requires you to manually add an IP address to
|
|
the ARP table. Hard-wiring IP addresses in the ARP table is also a
|
|
(very drastic) measure to protect yourself from hosts on your Ethernet
|
|
that pose as someone else.</P
|
|
><P
|
|
>Invoking <B
|
|
CLASS="COMMAND"
|
|
>arp</B
|
|
> using the <TT
|
|
CLASS="OPTION"
|
|
>–d</TT
|
|
>
|
|
switch deletes all ARP entries relating to the given host. This switch
|
|
may be used to force the interface to re-attempt obtaining the
|
|
Ethernet address for the IP address in question. This is useful when a
|
|
misconfigured system has broadcasted wrong ARP information (of course,
|
|
you have to reconfigure the broken host first).</P
|
|
><P
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The <TT
|
|
CLASS="OPTION"
|
|
>–s</TT
|
|
> option may also be used to implement
|
|
<I
|
|
CLASS="EMPHASIS"
|
|
>proxy</I
|
|
> ARP. This is a special technique through
|
|
which a host, say <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>gate</SPAN
|
|
>, acts
|
|
as a gateway to another host named <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
> by pretending that both addresses
|
|
refer to the same host, namely <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>gate</SPAN
|
|
>. It does so by publishing an ARP
|
|
entry for <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
> that points
|
|
to its own Ethernet interface. Now when a host sends out an ARP query
|
|
for <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
>, <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>gate</SPAN
|
|
> will return a reply containing its
|
|
own Ethernet address. The querying host will then send all datagrams
|
|
to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>gate</SPAN
|
|
>, which dutifully
|
|
forwards them to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
>.</P
|
|
><P
|
|
>These contortions may be necessary when you want to access <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
> from a DOS machine with a broken
|
|
TCP implementation that doesn't understand routing too well. When you
|
|
use proxy ARP, it will appear to the DOS machine as if <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
> was on the local subnet, so it
|
|
doesn't have to know about how to route through a gateway.</P
|
|
><P
|
|
>Another useful application of proxy ARP is when one of your hosts acts
|
|
as a gateway to some other host only temporarily, for instance,
|
|
through a dial-up link. In a previous example, we encountered the
|
|
laptop <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlite</SPAN
|
|
>, which was
|
|
connected to <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vlager</SPAN
|
|
> through a
|
|
PLIP link from time to time. Of course, this application will work
|
|
only if the address of the host you want to provide proxy ARP for is
|
|
on the same IP subnet as your gateway. <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vstout</SPAN
|
|
> could proxy ARP for any host on
|
|
the Brewery subnet (<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>172.16.1.0</SPAN
|
|
>), but never for a host on the
|
|
Winery subnet (<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>172.16.2.0</SPAN
|
|
>).</P
|
|
><P
|
|
>The proper invocation to provide proxy ARP for <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>fnord</SPAN
|
|
> is given below; of course, the
|
|
given Ethernet address must be that of <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>gate</SPAN
|
|
>:</P
|
|
><P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># arp -s fnord 00:00:c0:a1:42:e0 pub</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>The proxy ARP entry may be removed again by invoking:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># arp -d fnord</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-iface.netstat.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-resolv.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>The netstat Command</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-iface.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Name Service and Resolver Configuration</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |