• Choose a category
• All
• Classic-Fiction

irie# cat /etc/arptable

relax 08:00:20:73:3e:ec pub

stress 08:00:20:b9:18:3d pub

irie# arp -f /etc/arptable

The -f option forces arp to read the named file for entries, alternatively the -s option can be used to add a single mapping from the command line:

irie# arp -s relax 08:00:20:73:3e:ec pub

As a diagnostic tool, arp is useful for resolving esoteric point-to-point connectivity problems. If a host's ARP table contains an incorrect entry, the machine using it will not be reachable, since outgoing packets will contain the wrong Ethernet address. ARP table entries may contain incorrect Ethernet addresses for several reasons:

Another host on the network is answering ARP requests for the same IP address, or all IP addresses, emulating a duplicate IP address on the network.

A host with a published ARP entry contains the wrong Ethernet address in its ARP table.

Either of the above situations exist, and the incorrect ARP reply arrives at the requesting host after the correct reply. When ARP table entries are updated dynamically, the last response received is the one that "wins." If the correct ARP response is received from a host that is physically close to the requester, and a duplicate ARP response arrives from a host that is located across several Ethernet bridges, then the later — and probably incorrect — response is the one that the machine uses for future packet transmissions.

Inspection of the ARP table can reveal some obvious problems; for example, the three-octet prefix of the machine's Ethernet address does not agree with the vendor's label on the front of the machine. If you believe you are suffering from intermittent ARP failures, you can delete specific ARP table entries and monitor the table as it is repopulated dynamically. ARP table entries are deleted with arp -d, and only the superuser can delete entries. In the following example, we delete the ARP table entry for fenwick, then force the local host to send an ARP request for fenwick by attempting to connect to it using telnet. By examining the ARP table after the connection attempt, we can see if some other host has responded incorrectly to the ARP request:

# arp -d fenwick

fenwick (131.40.52.44) deleted

# telnet fenwick

...Telnet times out...

# arp -a | grep fenwick

hme0 fenwick 255.255.255.255 08:00:20:79:61:eb

An example involving intermittent ARP failures is presented in Chapter 15.

IPv6 nodes use the neighbor discovery mechanism to learn the link layer address (MAC in the case of Ethernet) of the other nodes connected to the link. The IPv6 neighbor discovery mechanism delivers the functionality previously provided by the combination of ARP, ICMP router discovery, and ICMP redirect mechanisms. This is done by defining special ICMP6 message types: neighbor solicitation and neighbor advertisement. A node issues neighbor solicitations when it needs to request the link-layer (MAC) address of a neighbor. Nodes will also issue neighbor advertisement messages in response to neighbor solicitation messages, as well as when their link-layer address changes.

Using ping to check network connectivity

ping is similar to arp in that it provides information about hosts on a network rather than information about data that is sent on the network. arp provides a low-level look at the MAC addressing used by a host, but it is not that powerful for diagnosing connectivity problems. ping is a more general purpose tool for investigating point-to-point connectivity problems and areas of questionable physical network topology.

ping uses the Internetwork Control Message Protocol (ICMP) echo facility to ask a remote machine for a reply. ICMP is another component of the network protocol stack that is a peer of IP and ARP. The returned packet contains a timestamp added by the remote host which is used to compute the round trip packet transit time. In its simplest form, ping is given a hostname or IP address and returns a verdict on connectivity to that host:

% ping shamrock

shamrock is alive

% ping 131.40.1.15

131.40.1.15 is alive

The