Re: ARP request retransmitting

From: Charles Swiger (cswiger_at_mac.com)
Date: 11/08/05

  • Next message: John-Mark Gurney: "Re: ARP request retransmitting" 
    Date: Mon, 7 Nov 2005 18:17:51 -0500
To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>

    On Nov 7, 2005, at 5:43 PM, John-Mark Gurney wrote:
    >> While that "other hand" is true, here at RPI we deal with some of
    >> those other-hand issues by simply turning them off. We turn off
    >> multi-cast by default on some of our networks, for instance. But
    >> there's no way we can turn off ARP, so I think more care needs to
    >> be taken to make sure ARP remains network-friendly.
    >
    > And most places that have VERY large number of hosts in a broadcast
    > domain (a partially populated class b), have smart switches that cache
    > arp requests, and prevent the arp traffic from killing the network...

    Really? You're saying that "tcpdump -nt arp" never shows any
    requests except those made by the local host?

    Which vendor and which switch model?

    Smart switches will generally keep track of 1000 or 4000 or so MAC
    addresses and the ports those MACs are associated with, but I am not
    aware of anything in them which blocks ARP traffic or anything else
    which uses the all-ones broadcast MAC address. I can see ARP
    requests going out from any/all of the other machines on the network
    I'm using right now (using several 3com SuperStack 3300's), and I've
    seen the same thing on networks using the HP Procurve or Cisco 29xx
    switches. 

    -- 
-Chuck
_______________________________________________
freebsd-arch@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
  • Next message: John-Mark Gurney: "Re: ARP request retransmitting"

    Relevant Pages

    • Re: MAC address spoofing - conflict?
      ... That being the case I would think that all network cards on that collision domain would get the packet. ... ARP broadcasts and the question is what will happen. ... ARP asks for an _IP_ address, not a MAC one. ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: Leopard Sidebar Question
      ... (But if you've rebooted your Mac that will clear the arp table. ... it's handy for cases like Apple which have their own network interface devices. ... For example the internal interface for my firewall box, a soerkris 4801, give me "SiByte, Inc" which doesn't really help that much, on the other hand the MAC for my Wii does return Nintendo. ... the situation is rather surprising. ...
      (comp.sys.mac.system)
    • Re: get MAC Address from IP
      ... a machine may have multiple IP addresses and multiple MAC ... Its called ARP. ... Also, IN GENERAL, it's a bad idea for code which is not running the network ... Note that the network layer won't be troubled by this change, ...
      (microsoft.public.dotnet.general)
    • Re: scan for machines in the subnet
      ... still respond to an ARP packet addressed to it's IP address. ... A switch on a meshed network can reply to ARP with it's own MAC. ... They don't change often, fortunately - but I'm reconfiguring things at the moment, and that means each manually configured server, workstation and printer must be changed. ...
      (comp.os.linux.networking)
    • Re: Using ARP to map a network
      ... to check if the mac address ... Using ARP to map a network ... > This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)