首頁 » 所有內容

arping

由 datahunter 在 一, 17/11/2008 - 20:54 發表

最後更新: 2015-07-02

用另一個 interface 去 Ping

 

ping -I eth1  192.168.88.177

P.S.

sub-interface 是用唔到的 ...

 

Arping

 

version: 2.09

opts:

-S <IP>         # set source IP address (多數與 -p 一起用)
                     (arping unanswered if the target does not have routing to the IP)

-b                  # source address (255.255.255.255).

-i interface     # use the specified interface

-s MAC           # Set source MAC address (多數與 -p 一起用)

-p                  # Turn  on promiscious mode on interface
                         ( use this if you don't "own" the MAC address you are using )

-d                  # Find duplicate replies. Exit with 1 if there are answers  from  two  different  MAC addresses.

Example1: Ping blocked icmp server

arping -S 192.168.88.151 192.168.88.18

ARPING 192.168.88.18
60 bytes from 00:0c:29:e9:7f:8a (192.168.88.18): index=0 time=435.412 usec
60 bytes from 00:0c:29:e9:7f:8a (192.168.88.18): index=1 time=412.679 usec
60 bytes from 00:0c:29:e9:7f:8a (192.168.88.18): index=2 time=360.865 usec

 

所以 tcpdump -i eth0 icmp 是看不到有 package 的

不過 tcpdump -i eth0 arp 就有以下 result

18:59:02.175781 ARP, Request who-has 192.168.88.18 tell 192.168.88.151, length 46
18:59:02.175807 ARP, Reply 192.168.88.18 is-at 00:0c:29:e9:7f:8a, length 28

 

Example2:  Send ARP REQUEST to a neighbor host

arping -S <IP-B> -s <MAC-B> <IP-C>

arping -S <IP-B> -s <MAC-B> -p <MAC-A>

arping -S 203.xxx.xxx.175 -s 00:0c:29:3b:xx:xx -p 203.xxx.xxx.161

 

 

ARP timeout

 

server:~# cat /proc/sys/net/ipv4/route/gc_timeout

300

server:~# cat /proc/sys/net/ipv4/neigh/*/gc_stale_time

60

server:~# ip -s neighbor list

192.168.88.1 dev vmbr0 lladdr 00:d0:cf:0c:xx:85 ref 5 used 212/212/15 probes 1 STALE
192.168.88.30 dev vmbr0 lladdr 00:d0:cf:0c:xx:85 ref 3 used 20/15/15 probes 1 REACHABLE
192.168.88.172 dev vmbr0 lladdr 00:18:1f:10:xx:7a ref 3 used 4/54/4 probes 1 DELAY
192.168.88.177 dev vmbr0 lladdr 00:07:e9:3e:xx:d3 ref 2 used 31/0/26 probes 1 REACHABLE

 

* If the entry is in the STALE state, it will also be updated by unsolicited ARP replies

state    meaning                                  
stale    still usable; needs verification    

action if used:

reset use counter; change state to delay-->probe-->incomplete(discovery period)--> failed

 

DOC:

http://linux-ip.net/html/ether-arp.html

 

 

 

 

»

Creative Commons license icon Creative Commons license icon