On some occasions, it is useful to view or alter the contents of the
kernel's ARP tables, for example when you suspect a duplicate Internet
address is the cause of some intermittent network problem. The
arp tool was made for situations like this. Its
command-line options are:
arp [-v] [-t hwtype] -a [hostname]
arp [-v] [-t hwtype] -s hostname hwaddr
arp [-v] -d hostname [hostname…]
All hostname arguments may be either symbolic
hostnames or IP addresses in dotted quad notation.
The first invocation displays the ARP entry for the IP address or host
specified, or all hosts known if no hostname is
given. For example, invoking arp on
vlager may yield:
# arp -a
IP address       HW type              HW address
172.16.1.3       10Mbps Ethernet      00:00:C0:5A:42:C1
172.16.1.2       10Mbps Ethernet      00:00:C0:90:B3:42
172.16.2.4       10Mbps Ethernet      00:00:C0:04:69:AA
which shows the Ethernet addresses of vlager, vstout and vale.
You can limit the display to the hardware type specified using the
-t option. This may be ether, ax25, or pronet, standing for 10 Mbps
Ethernet, AMPR AX.25, and IEEE 802.5 token ring equipment, respectively.
The -s option is used to permanently add
hostname's Ethernet address to the ARP
tables. The hwaddr argument specifies the
hardware address, which is by default expected to be an Ethernet
address specified as six hexadecimal bytes separated by colons. You
may also set the hardware address for other types of hardware, using
the -t option.
For some reason, ARP queries for the remote host sometimes fail, for
instance when its ARP driver is buggy or there is another host in the
network that erroneously identifies itself with that host's IP
address; this problem requires you to manually add an IP address to
the ARP table. Hard-wiring IP addresses in the ARP table is also a
(very drastic) measure to protect yourself from hosts on your Ethernet
that pose as someone else.
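The following script is an added example, not part of the original
text: it checks an ARP listing in the format of the sample output above
against a file of known-good address pairs, and reports an IP address
whose hardware address has changed or one adapter answering for several
IP addresses. The file format, the function names and the 172.16.1.9
entry are assumptions made for the example.

```shell
# Added example, not from the original text.
# check_arp PINNED < listing      (exit status 1 if anything is reported)
#   PINNED  file of "IP MAC" lines (format assumed for this example)
#   listing rows with the IP in the first field and the hardware address
#           in the last field, as in the sample output above
check_arp() {
    awk -v pinned="$1" '
    BEGIN {
        # Load known-good bindings; compare hardware addresses in lower case.
        while ((getline line < pinned) > 0) {
            n = split(line, f, " ")
            if (n >= 2 && f[1] !~ /^#/) want[f[1]] = tolower(f[2])
        }
        close(pinned)
    }
    # Skip headers and prompts: the last field must be colon-separated hex bytes.
    tolower($NF) ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ {
        ip = $1; mac = tolower($NF)
        if ((ip in want) && want[ip] != mac) {
            printf "MISMATCH %s expected %s seen %s\n", ip, want[ip], mac
            bad = 1
        }
        if ((mac in owner) && owner[mac] != ip) {
            printf "SHARED %s answers for %s and %s\n", mac, owner[mac], ip
            bad = 1
        } else {
            owner[mac] = ip
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: 172.16.1.3 now resolves to a different adapter,
# the same one that answers for 172.16.1.9.
arp_audit_demo() {
    pinned=$(mktemp) || return 2
    printf '%s\n' '172.16.1.3 00:00:c0:5a:42:c1' \
                  '172.16.1.2 00:00:c0:90:b3:42' > "$pinned"
    rc=0
    printf '%s\n' 'IP address  HW type          HW address' \
        '172.16.1.3  10Mbps Ethernet  00:00:C0:A1:42:E0' \
        '172.16.1.2  10Mbps Ethernet  00:00:C0:90:B3:42' \
        '172.16.1.9  10Mbps Ethernet  00:00:C0:A1:42:E0' | check_arp "$pinned" || rc=$?
    rm -f "$pinned"
    return "$rc"
}
arp_audit_demo || true
```

A SHARED line is not always a fault: a published proxy ARP entry, as
described later in this section, makes one adapter answer for two
addresses on purpose, so compare such lines with the entries you have
configured yourself.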
Invoking arp using the -d
switch deletes all ARP entries relating to the given host. This switch
may be used to force the interface to re-attempt obtaining the
Ethernet address for the IP address in question. This is useful when a
misconfigured system has broadcast wrong ARP information (of course,
you have to reconfigure the broken host first).
The -s option may also be used to implement
proxy ARP. This is a special technique through
which a host, say gate, acts as a gateway to another host named
fnord by pretending that both addresses refer to the same host,
namely gate. It does so by publishing an ARP entry for fnord that
points to its own Ethernet interface. Now when a host sends out an
ARP query for fnord, gate will return a reply containing its
own Ethernet address. The querying host will then send all datagrams
to gate, which dutifully forwards them to fnord.
These contortions may be necessary when you want to access fnord
from a DOS machine with a broken TCP implementation that doesn't
understand routing too well. When you use proxy ARP, it will appear
to the DOS machine as if fnord were on the local subnet, so it
doesn't have to know how to route through a gateway.
Another useful application of proxy ARP is when one of your hosts acts
as a gateway to some other host only temporarily, for instance,
through a dial-up link. In a previous example, we encountered the
laptop vlite, which was
connected to vlager through a
PLIP link from time to time. Of course, this application will work
only if the address of the host you want to provide proxy ARP for is
on the same IP subnet as your gateway. vstout could proxy ARP for any host on
the Brewery subnet (172.16.1.0), but never for a host on the
Winery subnet (172.16.2.0).
The proper invocation to provide proxy ARP for fnord is given below;
of course, the given Ethernet address must be that of gate:
# arp -s fnord 00:00:c0:a1:42:e0 pub
The proxy ARP entry may be removed again by invoking: