I'm executing the arp -a command on CentOS 7 in order to translate an IP address to a MAC address (since I can't access the source MAC of the layer 2 frame in Java).

I see a lot of cases where the ARP table doesn't include an entry for the IP address when the request is received (for example, an HTTP request or a DNS request). However, it looks like the entry is added before the response is sent, probably because the host needs to determine the destination MAC address to send the frame.

I'm looking for a way to let CentOS create these entries when a frame is received, using the source MAC address.

mdpc
manash
  • Simply receiving a frame will not create or update an ARP table entry. It must be an ARP packet, either a broadcast request, or a seen response. An ARP table entry will be created by ARP request/response before an IPv4 packet is sent if there is not already a corresponding ARP table entry. Also, in most cases, an OS will time out ARP table entries after a specified period. – Ron Maupin Nov 19 '18 at 21:32
  • See _[RFC 826, An Ethernet Address Resolution Protocol](https://tools.ietf.org/html/rfc826)_. – Ron Maupin Nov 19 '18 at 21:34
  • I believe that the arp table timeout (unless reconfigured) is about 20 minutes. – mdpc Nov 19 '18 at 22:57

1 Answer

The arp command when run as the root user has the facility to delete and add entries into the mapping table locally.

However, I'd advise against this unless you have some type of special need. An application like Java is well down into the higher levels of the networking architecture and thus would generally not be needed. So I'd be a little puzzled about needing the MAC address at the application level (generally level 7) to do anything that would be network meaningful.

mdpc
  • We use the MAC address for authentication in this case. We would love to use the IP address but it may change over time. – manash Nov 19 '18 at 22:21
  • @MickaelMarrache, that is foolish. There is nothing secure about a MAC address. It is very simple to spoof a MAC address. – Ron Maupin Nov 19 '18 at 22:28
  • In fact, a MAC address for a specific host can change depending on the network configuration at the time. Basically it points to the next hop in the chain to get to the final destination which could be a router or load-balanced routing. In fact, it is possible for the same MAC address to be had for more than one IP number for packet routing purposes. – mdpc Nov 19 '18 at 22:34
  • I have seen Applications use the ADAPTER MAC address which is not necessarily the MAC address shown in `arp`. The specific adapter MAC is obtained on the server by getting the system configuration by a program such as `ifconfig`. Again, I hate these types of licensing situations since MAC addresses can be easily changed without difficulty. – mdpc Nov 19 '18 at 22:36
  • @mdpc I took that into account. The sender and receiver are on the same subnet. No layer 3 equipment in the middle. – manash Nov 20 '18 at 04:56
  • @MickaelMarrache, ARP is a separate process with its own Ether Type (`0x0806`). Frames received without the ARP Ether Type, e.g. IPv4 Ether Type `0x0800`, will not be sent to the ARP process, they will be sent to the process defined by the Ether Type, which is why those frames will not update the ARP table. – Ron Maupin Nov 20 '18 at 19:40
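
The behaviour described in the comments above (frames are dispatched by Ether Type, and only ARP packets touch the table), sketched as an added example that is not part of the original thread. It is a simplified model of the RFC 826 reception logic, not the Linux kernel's code; the `Host` class, helper names and sample addresses are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
# Constructed sample addresses (locally administered MACs, RFC 5737 documentation IPs).
CLIENT_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT_IP, SERVER_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

class Host:
    """Hypothetical receiver: dispatches frames by Ether Type, as the last comment describes."""
    def __init__(self, my_ip):
        self.my_ip, self.arp_table, self.ipv4_seen = my_ip, {}, []

    def receive(self, frame):
        if len(frame) < 14:
            return "dropped"
        (ether_type,) = struct.unpack("!H", frame[12:14])
        if ether_type == ETH_ARP:
            return self._arp_input(frame[14:])
        if ether_type == ETH_IPV4 and len(frame) >= 34:
            # The IP layer gets the packet; the source MAC at frame[6:12] never reaches the ARP table.
            self.ipv4_seen.append(ip(frame[26:30]))
            return "ipv4"
        return "dropped"

    def _arp_input(self, p):
        if len(p) < 28 or struct.unpack("!HHBB", p[:6]) != (1, ETH_IPV4, 6, 4):
            return "dropped"
        sha, spa, tpa = mac(p[8:14]), ip(p[14:18]), ip(p[24:28])
        # RFC 826: refresh a known sender, create only if we are the target.
        # The sender address is taken from the ARP payload as claimed; nothing authenticates it.
        if spa in self.arp_table or tpa == self.my_ip:
            self.arp_table[spa] = sha
        return "arp"

def eth(dst, src, ether_type, payload):
    return dst + src + struct.pack("!H", ether_type) + payload

def demo():
    host = Host(ip(SERVER_IP))
    ip_hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0) + CLIENT_IP + SERVER_IP
    host.receive(eth(SERVER_MAC, CLIENT_MAC, ETH_IPV4, ip_hdr))
    after_ipv4 = dict(host.arp_table)  # snapshot taken before any ARP packet arrives
    arp_req = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + CLIENT_MAC + CLIENT_IP + bytes(6) + SERVER_IP
    host.receive(eth(b"\xff" * 6, CLIENT_MAC, ETH_ARP, arp_req))
    return after_ipv4, dict(host.arp_table), host.ipv4_seen
```

`demo()` returns the table after the IPv4 frame (empty), the table after the ARP request (one entry for the client), and the source IPs the IPv4 handler saw.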