Difference between revisions of "Arping"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "B.2. arping An almost unknown command (mostly because it is not frequently necessary), the arping utility performs an action similar to ping, but at the Ethernet layer. Where...")
 
Line 36: Line 36:
  
 
Note, that the Ethernet device must already be in an UP state (see Section B.3, “ip link”). If the Ethernet device has not been brought up, the arping utility will exit with a non-zero exit code (specifically, exit code 2).
 
Note, that the Ethernet device must already be in an UP state (see Section B.3, “ip link”). If the Ethernet device has not been brought up, the arping utility will exit with a non-zero exit code (specifically, exit code 2).
 +
 +
 +
 +
 +
 +
 +
 +
Yes, it's called "Unsolicited ARP" or "Gratuitous ARP". Check the manpage for arping for more details, but the syntax looks something like this:
 +
 +
arping -U 192.168.1.101
 +
 +
If you're spoofing an address, you may need to run this first:
 +
 +
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
 +
 +
Finally, because of its spoofing ability, sending Unsolicited ARP packets is sometimes considered a "hostile" activity, and may be ignored, or might lead to being blocked by some third-party firewalls.
 +
 +
Maybe i am wrong, but how about "arping" ?
 +
 +
In my box it works ok:
 +
 +
root@box:~# arping -i eth1 00:E0:29:XX:YY:ZZ
 +
ARPING 00:E0:29:XX:YY:ZZ
 +
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=0 time=47.922 usec
 +
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=1 time=44.823 usec
 +
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=2 time=84.877 usec

Revision as of 05:11, 30 March 2017

B.2. arping

An almost unknown command (mostly because it is not frequently necessary), the arping utility performs an action similar to ping, but at the Ethernet layer. Where ping tests the reachability of an IP address, arping reports the reachability and round-trip time of an IP address hosted on the local network.

There are several modes of operation for this utility. Under normal operation, arping displays the Ethernet and IP address of the target as well as the time elapsed between the arp request and the arp reply.

Example B.4. Displaying reachability of an IP on the local Ethernet with arping

[root@masq-gw]# arping -I eth0 -c 2 192.168.100.17
ARPING 192.168.100.17 from 192.168.100.254 eth0
Unicast reply from 192.168.100.17 [00:80:C8:E8:4B:8E]  8.419ms
Unicast reply from 192.168.100.17 [00:80:C8:E8:4B:8E]  2.095ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)
       


Other options to the arping utility include the ability to send a broadcast arp using the -U option and the ability to send a gratuitous reply using the -A option. A kernel with support for non-local bind can be used with arping for the nefarious purpose of wreaking havoc on an otherwise properly configured Ethernet. By performing gratuitous arp and broadcasting incorrect arp information, arp tables in poorly designed IP stacks can become quite confused.

arping can detect if an IP address is currently in use on an Ethernet. Called duplicate address detection, this use of arping is increasingly common in networking scripts.

For a practical example, let's assume a laptop named dietrich is normally connected to a home network with the same IP address as tristan of our main office network. In the boot scripts, dietrich might make good use of arping by testing reachability of the IP it wants to use before bringing up the IP layer.

Example B.5. Duplicate Address Detection with arping

[root@dietrich]# arping -D -q -I eth0 -c 2 192.168.99.35
[root@dietrich]# echo $?
1
[root@dietrich]# arping -D -q -I eth0 -c 2 192.168.99.36
[root@dietrich]# echo $?
0
       


First, dietrich tests reachability of its preferred IP (192.168.99.35). Because the IP address is in use by tristan, dietrich receives a response. Any response by a device on the Ethernet indicating that an IP address is in use will cause the arping command to exit with a non-zero exit code (specifically, exit code 1).

Note, that the Ethernet device must already be in an UP state (see Section B.3, “ip link”). If the Ethernet device has not been brought up, the arping utility will exit with a non-zero exit code (specifically, exit code 2).




Yes, it's called "Unsolicited ARP" or "Gratuitous ARP". Check the manpage for arping for more details, but the syntax looks something like this:

arping -U 192.168.1.101

If you're spoofing an address, you may need to run this first:

echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

Finally, because of its spoofing ability, sending Unsolicited ARP packets is sometimes considered a "hostile" activity, and may be ignored, or might lead to being blocked by some third-party firewalls.

Maybe i am wrong, but how about "arping" ?

In my box it works ok:

root@box:~# arping -i eth1 00:E0:29:XX:YY:ZZ
ARPING 00:E0:29:XX:YY:ZZ
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=0 time=47.922 usec
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=1 time=44.823 usec
60 bytes from 192.168.0.AAA (00:e0:29:XX:YY:ZZ): icmp_seq=2 time=84.877 usec