Stack Overflow
Stack Overflow

Questions tagged [arp]

ARP is a protocol for resolution of network layer addresses such as IP into link layer addresses (such as MAC addresses). "arp" is also a command in Linux and Windows to manipulate the ARP cache.

Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC826 in 1982.
It is also the name of the program for manipulating these addresses in most operating systems.

603 questions
7
votes
3 answers

Filter packets in network stack while sniffing packets on Linux?

I have a question for the Low-level networking/Linux gurus, I have to build two tools for a security project at my university. The first tool is an ARP Poisonning attacker which will poison the ARP cache from a remote host in order to retrieve the…
Halim Qarroum
  • 13,985
  • 4
  • 46
  • 71
7
votes
2 answers

tcpdump filter out arp and all stp packets

I need to capture on an interface with tcpdump and filter out all arp and stp/rstp packets. I tried this command, which does filter out arp, but I still see rstp packets: tcpdump -n -i ens224 not arp and not stp Also tried this, still see rstp…
Dave
  • 727
  • 1
  • 9
  • 20
7
votes
1 answer

Why ARP requests a non-local address?

I have a Linux virtual server with 2 NICs. eth0 eth1 arp_filter is turned on and rp_filter is set to be 2(loose mode). Policy-routing is configured as the following: table T1 default via dev eth0 src 127.0.0.0/8 dev…
dastan
  • 1,006
  • 1
  • 16
  • 36
7
votes
1 answer

How to query IPv6 NDP (neighbor discovery protocol) table for a specific neighbor

I am using Linux and trying to figure out how to query (via an API) the NDP table for a specific entry. The only example I have found so far (in the source for iproute2) uses Netlink and gets the entire table. Is there a way to query Netlink for a…
Tommy
  • 245
  • 4
  • 11
6
votes
1 answer

BPF expression to capture only arp-reply packets

Is there a BPF expression that would only capture arp-reply packets? Currently, I am using Pcap4J and the following BPF expression: arp and dst host host and ether dst mac where host is the IP address of my device and mac is the MAC address of my…
rolling_codes
  • 15,174
  • 22
  • 76
  • 112
6
votes
1 answer

using libnet to send ARP request, but arp cache won't update after getting the ARP reply

I need to look up MAC address in the local network and I'm using Linux. What I do is send a ARP request with libnet, but after I send 3 requests, the cache still won't update. I use wireshark to catch the packets. From wireshark, I did get 3 ARP…
Aitjcize
  • 187
  • 1
  • 8
6
votes
1 answer

What does mean the "permanent" word in the "arp -a" output?

I'm trying to learn the ARP protocol. My idea about ARP is that it is a protocol that help addressing the IP to the exact MAC Address. But when I try to do: arp -a Which I think it will show the list of IP addresses and the matching MAC addresses.…
Tree Nguyen
  • 1,198
  • 1
  • 14
  • 37
6
votes
0 answers

Arp spoofing not working against iPhone, iPad, or Mac

I have an iPhone 4 and iPad 3 both running iOS 7.0.4 and MacBook Pro Retina running OS 10.9.1. I want to write a sniffer program, and have been trying to ARP spoof these devices, but their traffic does not seem to be appearing in Wireshark. I have…
Garrett
  • 5,580
  • 2
  • 31
  • 47
6
votes
1 answer

Detect ARP poisoning using scapy

I have captured some traffic and stored on a .pcap file. In there, an ARP poisoning attack occured. Is there a way of detecting the attacker's IP and MAC adress and victim's IP and MAC adress using scapy in a python script?
Dimitris S
  • 135
  • 1
  • 13
6
votes
2 answers

ARP Timeouts. Why fixed periodic?

This one's been bugging me for years. Basic question: Is there some reason ARP has to be implemented with fixed timeouts on ARP cache entries? I do a lot of work in Real Time ciricles. We do most of our inter-system communications these days on…
T.E.D.
  • 44,016
  • 10
  • 73
  • 134
6
votes
2 answers

Getting ARP table on iPhone/iPad

I am trying to get the ARP entries on my iPad like here. When compiling the code to run on my iPad (so not the simulator) I am getting missing header error messages. You can resolve them by copying the header files into you project locally as…
Richard Schiks
  • 353
  • 1
  • 4
  • 7
5
votes
1 answer

Why aren't ARP or ICMPv6 packets processed by a Linux TAP device

I am opening a TAP device using p->fd = open("/dev/net/tun", O_RDWR); // skipping error handling code ifr.ifr_flags = IFF_TAP | IFF_ONE_QUEUE | IFF_NO_PI; strncpy(ifr.ifr_name, p->name, IFNAMSIZ-1); result = ioctl(p->fd, TUNSETIFF, &ifr); //…
aufather
  • 651
  • 2
  • 7
  • 9
5
votes
1 answer

Do routers use ARP Table?

I thought about this for a while and I don't seem to find an answer. Let's say that two routers are connected to each other, their ARP Table is empty as well as their Routing Table. Now, to be clear, hosts use the ARP table to find the MAC Address…
AestheticCode
  • 115
  • 1
  • 7
5
votes
0 answers

What does "en0 ifscope [ethernet] " mean when run "arp -a" command in OS terminal?

I run 'arp -a' and get the following message back: apples-MacBook-Air-2:~ apple$ arp -a hitronhub.home (192.168.0.1) at ac:20:2e:73:d4:42 on en0 ifscope [ethernet] ? (192.168.0.254) at 0:55:7b:b5:7d:f7 on en0 ifscope [ethernet] ? (192.168.0.255) at…
Siyu Zhao
  • 51
  • 1
  • 2
5
votes
3 answers

Resolving MAC address for IP address using C++ on Linux

I need to generate an Ethernet header that includes the destination MAC address, (since libnfnetlink gives only the IP header before prerouting takes place), the outgoing interface number is also known, so the lookup can be made in the correct…
kagali-san
  • 2,964
  • 7
  • 48
  • 87
1
2
3
40 41