[Techtalk] arp

Raven, corporate courtesan raven at oneeyedcrow.net
Mon Nov 5 13:11:56 EST 2001

Heya --

Quoth Jeff Dike (Fri, Nov 02, 2001 at 06:59:21PM -0500):
> OK, so if an arp request comes in on an interface with proxy_arp on, and
> there's an arp entry in the routers cache for it, and the target machine
> doesn't live on the same ethernet strand, then it will reply with its own
> ethernet address.  That explains things.

> One question, though.  If a machine on one side of the router arps for a 
> machine on the other side, and the router hasn't heard from that machine, the 
> arp will fail, right?


> Are machines supposed to arp their own addresses
> occasionally, so this would be a temporary problem, when the other machine
> has just booted?
	No -- the router or whatever device will update the arp cache
from the source of packets that it recieves.  So if it gets a packet
from with a source MAC address of 0A:32:B4:whatever, it will
automatically enter that into its arp cache.  So any machine that's
sending packets (which would be most networked machines) should have an
updated entry in the arp cache.

	Of course, this means that if you can packet-spoof, you can also
poison the ARP cache on your router.  So it kind of sucks for LAN
security things.

"Oh -- oop, is Raven still here?"
"It's okay -- she's one of the guys.  Come on, she's in a committed
 relationship with a woman.  That's more than you can say for most
 of the rest of us."
  -- Alex, on geek men 

More information about the Techtalk mailing list