nanog mailing list archives
Re: Sending ARP request to unicast MAC instead of broadcast MAC address?
From: "Crist Clark" <Crist.Clark () globalstar com>
Date: Thu, 17 Jun 2010 10:57:46 -0700
On 6/16/2010 at 3:57 PM, Chris Woodfield <rekoil () semihuman com> wrote:OK, this sounds Really Wacky (or, Really Hacky if you're into puns) but there's a reason for it, I swear... Will typical OSS UNIX kernels (Linux, BSD, MacOS X, etc) reply to a crafted ARP request that, instead of having FF:FF:FF:FF:FF:FF as its destination MAC address, is instead sent to the already-known unicast MAC address of the host? Next, what would be your utility of choice for crafting such a packet? Or is this something one would need to code up by hand in a lower-level language?
Unicast ARP requests are considered normal. See Section 2.3.2.1 of
RFC1122, "ARP Cache Validation." Specifically,
IMPLEMENTATION:
Four mechanisms have been used, sometimes in
combination, to flush out-of-date cache entries.
[snip]
(2) Unicast Poll -- Actively poll the remote host by
periodically sending a point-to-point ARP Request
to it, and delete the entry if no ARP Reply is
received from N successive polls. Again, the
timeout should be on the order of a minute, and
typically N is 2.
Current thread:
- Sending ARP request to unicast MAC instead of broadcast MAC address? Chris Woodfield (Jun 16)
- Re: Sending ARP request to unicast MAC instead of broadcast MAC address? James Hess (Jun 16)
- Re: Sending ARP request to unicast MAC instead of broadcast MAC address? Ingo Flaschberger (Jun 16)
- Re: Sending ARP request to unicast MAC instead of broadcast MAC address? Crist Clark (Jun 17)
- Re: Sending ARP request to unicast MAC instead of broadcast MAC address? Chris Woodfield (Jun 17)
- Re: Sending ARP request to unicast MAC instead of broadcast MAC address? Steven King (Jun 17)
