Kelsay, Brian - Kansas City, MO wrote:
| The arp cache doesn't stay very long. Maybe a minute at most. IIRC
| DNS cache maybe, that lasts longer. Is your router doing DNS as well as
| DHCP? I ask because this is not default. You have to set both up
| separately or create a hosts file on each box.
You've not messed much with proxy-arp, then, which has the effect of swapping the MAC address that's attached to a particular IP address.
It can take *HOURS* to get arp caches updated (speaking as one who has had to wait those frustrating hours after swapping out transparent proxy-arp based firewall boxes).
Fortunately, most IP stacks are dumb enough (or smart enough, depending on your perspective) to recognize unsolicited arp packets, and will then happily update their arp-cache. I now use the send_arp 'utility' (found at: http://www.insecure.org/sploits/arp.games.html ) to inform my upstream provider whenever I swap firewalls or NICs, as it's much faster than calling their tech support and requesting they flush the arp-cache on their router (in fact, it's even a lot faster than getting someone on the phone who even understands what an arp-cache *IS* :).
If you really want to have fun, compile send_arp, and send an ARP packet with the IP of your system and a bogus MAC address to your gateway (use ip neigh show to find the proper MAC addy for your gateway)...you'll find out exactly how "short" arp cache timeouts can be, and what kind of mess you can get into when (really) low-level things get broken.
!!! - WARNING - !!! Like a lot of other low-level network tools, using send_arp incorrectly can result in VERY SERIOUS AND NASTY side effects. USE AT YOUR OWN RISK, AND WITH YOUR BRAIN ENGAGED! I do *NOT* recommend writing a script to send random MAC addresses paired with IPs on your subnet to the office firewall/gateway! Even if you *REALLY* don't like your sysadmin or the 'owner' of a particular IP!
-- 
Charles Steinkuehler [email protected]
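The unsolicited ARP reply that send_arp emits, as an added example that is not part of the original post and is not the send_arp utility's own code. It hand-assembles an Ethernet II frame carrying an ARP reply (opcode 2) whose sender IP is the address the peer should re-learn and whose sender MAC is the new hardware address, decodes it back, and runs it through a toy neighbour cache that reacts the way the post describes: an existing entry for that IP is overwritten on sight of the reply. All addresses (192.168.1.1 as the gateway, 192.168.1.2 as the firewall, the 00:11:22:... and 02:00:00:... MACs) are constructed for the example. The `send_frame` function uses a Linux AF_PACKET raw socket and needs CAP_NET_RAW; it is only invoked when an interface name is given on the command line, so the rest runs offline.

```python
"""Build, decode and (optionally) transmit a gratuitous ARP reply.

Added example, not code from the original post or from send_arp.
Addresses used below are constructed for illustration.
"""
import socket
import struct
import sys

ETH_P_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_to_bytes(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp_frame(sender_mac, sender_ip, target_mac, target_ip,
                    op=ARP_REPLY, dst_mac=None) -> bytes:
    """Return a 42-byte Ethernet frame (no FCS) carrying one ARP packet.

    For the send_arp use case: sender_ip is the IP whose cache entry we want
    rewritten, sender_mac is the new hardware address, target_* identify the
    router whose cache we are poking.  dst_mac defaults to target_mac; pass
    BROADCAST_MAC to hit every host on the segment.
    """
    s_hw, t_hw = mac_to_bytes(sender_mac), mac_to_bytes(target_mac)
    eth = mac_to_bytes(dst_mac or target_mac) + s_hw + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT,
                      1,            # hardware type: Ethernet
                      0x0800,       # protocol type: IPv4
                      6, 4,         # hardware / protocol address lengths
                      op,
                      s_hw, socket.inet_aton(sender_ip),
                      t_hw, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet+ARP frame; raises ValueError on anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    return {"dst_mac": bytes_to_mac(dst), "src_mac": bytes_to_mac(src), "op": op,
            "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpCache:
    """Toy neighbour cache showing why an unsolicited reply 'works'.

    With accept_new=False it roughly models a Linux host with arp_accept=0:
    an existing entry for the sender IP is overwritten by the reply, but no
    new entry is created for an IP it has never talked to.
    """

    def __init__(self, table=None):
        self.table = dict(table or {})

    def on_arp(self, frame: bytes, accept_new: bool = False) -> bool:
        pkt = parse_arp_frame(frame)
        if pkt["op"] != ARP_REPLY:
            return False
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if ip in self.table or accept_new:
            self.table[ip] = mac
            return True
        return False


def send_frame(frame: bytes, ifname: str) -> int:
    """Transmit the frame on ifname (Linux AF_PACKET, needs CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((ifname, 0))
        return s.send(frame)


if __name__ == "__main__":
    # Constructed values: our firewall 192.168.1.2 has a new NIC, the upstream
    # router 192.168.1.1 (MAC from 'ip neigh show') still caches the old one.
    frame = build_arp_frame("02:00:00:00:00:aa", "192.168.1.2",
                            "00:11:22:33:44:55", "192.168.1.1")
    print(parse_arp_frame(frame))
    cache = ArpCache({"192.168.1.2": "02:00:00:00:00:01"})   # router's stale entry
    cache.on_arp(frame)
    print("router cache now:", cache.table)
    if len(sys.argv) > 1:                                   # e.g. python3 garp.py eth0
        print("sent", send_frame(frame, sys.argv[1]), "bytes")
```

Run it with no arguments to see the decoded frame and the cache flip from the stale MAC to the new one; give an interface name to actually put the frame on the wire, with the same caution the post attaches to send_arp.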