Re: How does my computer work with an empty arp table?

From: Chuck Swiger <cswiger@xxxxxxx>
Date: Tue, 12 Dec 2006 10:20:55 -0800

On Dec 12, 2006, at 10:08 AM, Javier Henderson wrote:

The ARP table only contains information about machines on the directly connected collision domain(s).

Are you sure it's not the same broadcast domain?

Yes. The term "collision domain" predates the wide deployment of switches, and switches have to treat ARPs in a special fashion:

A computer on port A on a switch would be on a different collision domain than a computer on port B on the same switch, yet as long as they're on the same VLAN (ie, broadcast domain), both would have each other in their resepctive ARP tables if they were exchanging Ethernet traffic.

...in particular, ARPOP_REQUEST traffic will be propagated to every port on the switch which is configured to be a part of that VLAN, or, quite possibly, other ports including "trunk ports" or sometimes even ports configured on other VLANs. [1]

Many switches will do this for all ethernet packets with an ether_dhost (ie, destination MAC) of all-ones.

--
-Chuck

[1]: And yes, Virginia, this has negatory implications if your security relies on VLANs to actually be completely hidden from each other.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

References:
- How does my computer work with an empty arp table?
  - From: a
- Re: How does my computer work with an empty arp table?
  - From: a
- Re: How does my computer work with an empty arp table?
  - From: Martin Alejandro Paredes Sanchez
- Re: How does my computer work with an empty arp table?
  - From: Chuck Swiger

Prev by Date: Re: POP3 conection throttle
Next by Date: Re: Backing up FREEBSD
Previous by thread: Re: How does my computer work with an empty arp table?
Next by thread: missing pkg-descr
Index(es):
- Date
- Thread

Relevant Pages

Re: Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing
... VLAN Pair mode uses one interface only and this is the only supported ... The ECLB feature allows you to load balance upto eight Cisco IPS ... All ports will be part of the same etherchannel ... All servers are connected to the backbone switches via another ...
(Focus-IDS)
Re: how to have reduntant IP on AIX Server 5.2
... Can both the ports of the adapter have same ip connected to two ... different ports on two different switches in the same VLAN. ... In a failover etherchannel configuration the network ports are ...
(comp.unix.aix)
Re: VLAN on Cisco Catalyst
... I have several Catalyst 2950 switches in my network ... commanding higher security in the same physical space ... connected to other Catalysts are set to Trunk mode, and ports towards ... Most of the obvious vlan hopping attacks were ...
(comp.security.misc)
Re: Failover with two switches ..
... There is a significant security risk to doing this. ... You could inadvertently place an inside device on an outside VLAN ... Just configure the switches ... Physically label the ports if you must. ...
(comp.dcom.sys.cisco)
Re: about mirroring port
... number of them with the SPAN feature enabled and multiple spanned ports ... monitored by multiple instances of snort on a single Compaq box with very ... Subject: about mirroring port ... Higher end switches may work better. ...
(Focus-IDS)