contents
Next: The Future Up: Configuring TCP/IP Networking Previous: Displaying Connections

Checking the ARP Tables

On some occasions, it is useful to view or even alter the contents of the kernel's ARP tables, for example when you suspect a duplicate Internet address is the cause for some intermittent network problem. The arp tool was made for things like these. Its command line options are
           arp [-v] [-t hwtype] -a [hostname]
           arp [-v] [-t hwtype] -s hostname hwaddr
           arp [-v] -d hostname [hostname...]
 
All hostname arguments may be either symbolic host names or IP-addresses in dotted quad notation.

The first invocation displays the ARP entry for the IP-address or host specified, or all hosts known if no hostname is given. For example, invoking arp on vlager may yield

           # arp -a
           IP address      HW type                 HW address
           191.72.1.3      10Mbps Ethernet         00:00:C0:5A:42:C1
           191.72.1.2      10Mbps Ethernet         00:00:C0:90:B3:42
           191.72.2.4      10Mbps Ethernet         00:00:C0:04:69:AA

which shows the Ethernet addresses of vlager, vstout and vale.

Using the -t option you can limit the display to the hardware type specified. This may be ether, ax25, or pronet, standing for 10Mbps Ethernet, AMPR-AX.25, and IEEE-802.5 token ring equipment, respectively.

The -s option is used to permanently add hostname's Ethernet address to the ARP tables. The hwaddr argument specifies the hardware address, which is by default expected to be an Ethernet address, specified as six hexadecimal bytes separated by colons. You may also set the hardware address for other types of hardware, too, using the -t option.

One problem which may require you to manually add an IP-address to the ARP table is when for some reasons ARP queries for the remote host fail, for instance when its ARP driver is buggy or there is another host in the network that erroneously identifies itself with that host's IP-address. Hard-wiring IP-addresses in the ARP table is also a (very drastic) measure to protect yourself from hosts on your Ethernet that pose as someone else.

Invoking arp using the -d switch deletes all ARP entries relating to the given host. This may be used to force the interface to re-attempt to obtain the Ethernet address for the IP-address in question. This is useful when a misconfigured system has broadcast wrong ARP information (of course, you have to reconfigure the broken host before).

The -s option may also be used to implement proxy ARP. This is a special technique where a host, say gate, acts as a gateway to another host named fnord, by pretending that both addresses refer to the same host, namely gate. It does so by publishing an ARP entry for fnord that points to its own Ethernet interface. Now when a host sends out an ARP query for fnord, gate will return a reply containing its own Ethernet address. The querying host will then send all datagrams to gate, which dutyfully forwards them to fnord.

These contortions may be necessary, for instance, when you want to access fnord from a DOS machine with a broken TCP implementation that doesn't understand routing too well. When you use proxy ARP, it will appear to the DOS machine as if fnord was on the local subnet, so it doesn't have to know about how to route through a gateway.

Another very useful application of proxy ARP is when one of your hosts acts as a gateway to some other host only temporarily, for instance through a dial-up link. In a previous example, we already encountered the laptop vlite which was connected to vlager through a PLIP link only from time to time. Of course, this will work only if the address of the host you want to provide proxy ARP for is on the same IP subnet as your gateway. For instance, vstout could proxy ARP for any host on the Brewery subnet (191.72.1.0), but never for a host on the Winery subnet (191.72.2.0).

The proper invocation to provide proxy ARP for fnord is given below; of course, the Ethernet address given must be that of gate.

           # arp -s fnord 00:00:c0:a1:42:e0 pub
 
The proxy ARP entry may be removed again by invoking:
           # arp -d fnord


contents
Next: The Future Up: Configuring TCP/IP Networking Previous: Displaying Connections

Andrew Anderson
Thu Mar 7 23:22:06 EST 1996

Hosting by: Hurra Communications Ltd.
Generated: 2007-01-26 17:57:42