20. Address Resolution Protocol

Address Resolution Protocol (ARP) – used when you have the IP address, and you need the Ethernet address (all replies are cached in the ARP table for a specified amount of time.)

Reason for ARP failures
No ARP call (arp -c) No ARP reply (arp -r)
The address is already cached The address doesn't exist, is down or not on your network
Not on Ethernet Unable to ARP (has to use proxy ARP (1 machine answers for another (not used often))
Not Unicast Multiple arp -r? two hosts are using the same IP

Commands for arp

  1. arp –d [host or arp entry]– will delete an ARP entry
  2. arp –s – will change arp table
  3. arp –a – will list arp table (shows IP and MAC addresses) (netstat –p shows the same thing as arp -a)
  4. Who is [IP address] - will show who has the IP address you designate with the machines MAC address (self discovery)
  5. snoop arp – checks for arp
  6. snoop arp or icmp – checks for arp’s and pings
  7. netstat –l 10 - shows net status
  8. ps –ef pid – shows processes

In local networks, machines are found by arp. A proxy arp is where one machine answers for another.

To reach just one host when two are sharing the same IP:
Delete old entries (arp –d[Ethernet address])
Add one of the Ethernet addresses (arp -s)

Files to config at boot – in /etc dir (/etc holds all system config files) /etc/hostname.[interface name here] (ie: /etc/hostname.hme0) You need to have the proceeding for each interface you have, except for pseudo interfaces.

  Go to Chapter 19       Go to Index        Go to Chapter 21