LinuxQuestions.org

vishamr2000 01-25-2006 11:58 AM

Disabling arp!!
 
Hi to all,

I wanted to know how we can completely disable the ARP protocol on a Linux machine? What cmds do we use?

Warm regards,
Visham

paragn 01-25-2006 12:10 PM

It's not possible. Without ARP, how will you get a response from other computers in your network? Or, I think, if you don't want dynamic ARP then you can set static ARPs. Check man arp.

camorri 01-25-2006 12:31 PM

ifconfig allows you to disable arp on an interface. See man ifconfig.

vishamr2000 01-25-2006 11:47 PM

Hi to all,

Many thx for the replies..

Actually I'm modifying mac addresses of outgoing frames. I don't want ARP to do the IP-MAC translation. I'm inserting a fixed destination MAC address myself. If I disable arp, will it be a problem? Will frames still go out of the interface with ARP disabled?

Regards,
Visham

paragn 01-25-2006 11:53 PM

If you disable ARP, how can your packets travel in the network to their destination? Then you need the static ARP table to be filled manually.

paragn 01-25-2006 11:57 PM

Are you writing a program for ARP spoofing?

vishamr2000 01-26-2006 12:25 AM

Quote:

    If you disable ARP, how can your packets travel in the network to their destination? Then you need the static ARP table to be filled manually.

Well, I'm inserting the destination MAC address by myself. I'm using the ebtables MAC DNAT feature, which changes the destination MAC address while keeping the IP address unchanged.

Do you think the packet will go with ARP disabled?

paragn 01-26-2006 12:39 AM

Check yourself, as you have all things ready.

vishamr2000 01-26-2006 12:45 AM

I would have done it but I'm not able to right now.. besides, I didn't know how to disable ARP on a NIC.. I'll try it and post about it again..

Many thx for all the help..

Regards,
Visham

baldy3105 01-26-2006 05:29 AM

Yes the host SHOULD send the frame as long as it can resolve the MAC address from somewhere. ARP always consults the local ARP cache before sending an ARP request anyway, so theoretically if you add a static ARP entry you should be able to set the MAC without disabling the ARP protocol.

nx5000 01-26-2006 05:34 AM

As stated by camorri:
Code:

    ifconfig eth0 -arp

and then play with static arp entries

vishamr2000 01-27-2006 12:49 AM

Many thx for the replies guys..

One thing I'm not understanding is the internal workings of it. ARP is used to do IP-to-MAC address resolution. Is it only when a packet/frame doesn't have the destination MAC address that an ARP request is sent? Ebtables is a layer 2 filtering tool analogous to iptables. The MAC DNAT feature only modifies outgoing packets, i.e. packets that have a destination MAC address already in them. The MAC DNAT feature, which changes the destination MAC address while keeping the IP address unchanged, is used to do packet redirection to a third PC before sending the packet to its destination. I believe the ARP request is issued before the MAC DNAT happens but I'm not sure and I don't know how to check this. Tried the ebtables mailing list but no response..

Does anyone have an idea of at what point the ARP request is issued??

Warm regards,
Visham

paragn 01-27-2006 01:17 AM

Hi,
Only when a packet/frame doesn't have the destination MAC address is an ARP request sent. Before that, when the packet is built at the Ethernet layer, the ARP cache is checked, and if the MAC address of the destination PC is found, it's used.
I don't know whether you have seen the kernel network code, but if you have seen it then you would like to see https://lists.netfilter.org/pipermai...ne/015906.html

baldy3105 01-27-2006 03:39 AM

When you initiate a connection to another IP host, your IP stack builds an IP packet. It then looks at its route table to determine which interface the packet needs to go out from.

This lookup is done recursively until an interface is identified.

So if you send a packet to 10.1.1.1 the stack first says "is this packet destined to a local network?", so it looks at the route table and it says -

    0.0.0.0 0.0.0.0 is via 10.1.1.10 (my address)
    10.1.1.0 is via eth0

The most specific match is 10.1.1.0 so the network is directly connected.
So the lookup is recursed once to find out that 10.1.1.1 is via eth0.

Because the interface is an Ethernet the stack now needs to build an Ethernet frame. An Ethernet frame requires a destination and source MAC. We know the source as it's built in, but where do we get the destination MAC from? It wasn't typed in with the "telnet 10.1.1.1" command so what do we do? We basically have to broadcast for the physical owner of 10.1.1.1, so we ARP.

Now it's possible that in the recent past we've already ARPed this host, so in order to minimise ARP traffic we build a cache. So before we go ARPing it makes sense to check that cache to see if the information we need is in there. If it is, job done. If not, then we have to ARP for it. One upside of having the ARP cache and checking it first is that we can put manual cache entries in to override whatever the real MAC is or to permit comms to something that doesn't respond or responds incorrectly to ARP.

So basically, you always have to send an ARP request UNLESS you recently ARPed the same address and the result hasn't timed out of the ARP cache. (Normally after approx 15 minutes.) Or unless someone has entered a manual entry.
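
Added example, not part of any post in this thread: a simplified Python model (not kernel code) of the lookup order described above, which also shows how to check from a host's own state whether `ifconfig eth0 -arp` has taken effect and which neighbour entries are static. The ARP table text is constructed in the layout of /proc/net/arp, the flags strings stand in for the content of /sys/class/net/eth0/flags, and the function names are hypothetical.

```python
# Added example: constructed sample data, not output from the thread's machines.
IFF_NOARP = 0x80   # interface flag set by `ifconfig eth0 -arp` (linux/if.h)
ATF_COM = 0x02     # neighbour entry is complete (a MAC is known)
ATF_PERM = 0x04    # neighbour entry was entered manually (static)

# Constructed sample in the layout of /proc/net/arp.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.1.1.1         0x1         0x6         00:11:22:33:44:55     *        eth0
10.1.1.20        0x1         0x2         00:aa:bb:cc:dd:ee     *        eth0
10.1.1.30        0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def noarp_set(flags_text):
    """flags_text is the content of /sys/class/net/<dev>/flags, e.g. '0x1083'."""
    return bool(int(flags_text.strip(), 16) & IFF_NOARP)

def parse_arp(text):
    """Return {(device, ip): (mac, kind)}; kind is static, dynamic or incomplete."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                            # ignore malformed rows
        ip, _hw, flags, mac, _mask, dev = fields
        flags = int(flags, 16)
        if not flags & ATF_COM:
            kind = "incomplete"                 # request sent, no reply yet
        elif flags & ATF_PERM:
            kind = "static"                     # not overwritten by ARP replies
        else:
            kind = "dynamic"                    # learned from the network
        table[(dev, ip)] = (mac, kind)
    return table

def next_step(table, dev, ip, flags_text):
    """Model of the lookup order described above for one destination."""
    mac, kind = table.get((dev, ip), (None, "incomplete"))
    if kind in ("static", "dynamic"):
        return f"use cached {kind} entry {mac}"
    if noarp_set(flags_text):
        return "no usable entry and ARP is disabled: no request is sent"
    return "no usable entry: broadcast an ARP request"
```

On a live host, pass the real file contents instead of the constructed strings; dynamic entries are the ones a forged ARP reply can replace, which is why the static entry matters for the gateway or any other address that must not be redirected.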

vishamr2000 01-27-2006 11:49 AM

Many thx for all the explanations..really helpful.

ifconfig eth0 -arp -> disables ARP but how do I re-enable it? Tried issuing it again but it doesn't work. According to 'man arp', the same cmd enables/disables ARP.

One more thing guys..I'm having real problems understanding how programs like iptables and ebtables, ethereal, tcpdump are written. I can't get, for example, a diagrammatic representation of how iptables interacts with the network stack. I've been told that iptables is a s/w layer above the network stack. The kernel stack is like a big pipe along which packets flow. The above programs tap into that pipe. IPtables and ebtables directly interact with the packets in that pipe whereas Ethereal and tcpdump catch the packets, make copies and then release the original packets back in the pipe.

Is this right? Where can I get proper documentation on these low-level implementations? Reading source code is not very helpful because you don't know where the program starts and where it ends..there are always references to other files. Source code will be helpful only if I have an understanding of the structure of these implementations.

I know many of you have vast experience in low-level programming and in using linux. What advice or pointers can you give me?

Warm regards,
Visham


All times are GMT -5.