ARP requests on my net?

Les Mikesell lesmikesell at gmail.com
Wed Apr 5 05:54:46 UTC 2006 

On Wed, 2006-04-05 at 00:22, Mike McCarty wrote:

> >>So my Linux machine is asking for router's MAC address so it
> >>can dump packets destined for the router? That might make sense
> >>on a 10 Base 2, yes, because everyone would see all messages
> >>(that didn't collide, that is :-) 
> > 
> > 
> > Ethernet still acts the same as it did on coax.  You aren't
> > doing point-to-point at the hardware layer just because
> > the 10/100Base-T jacks work that way.
> 
> Of course. But this has nothing to do with dumping packets in
> the IP layer. (I realize that you're not the one who suggested
> that this was the reason.)

If the IP layer is using ethernet, then it has to
construct the ethernet frame to deliver it.

> > Yes, that's the point, packets that aren't broadcast/multicast or
> > destined for that MAC address are ignored efficiently.  And
> > unwanted multicast is usually ignored fairly efficiently.
> 
> Ok, so why is the IP layer asking the router for its MAC? So it
> can send to its gateway? That makes sense, but has nothing
> to do with dumping packets. Or does it?

It needs the MAC address to deliver a packet.  ARP is the
way it gets that address (send a broadcast with the IP
address and get the answer from the corresponding ethernet
address).  Those are the packets you are seeing and they
are necessary before constructing any non-broadcast
packets.

> > 
> > Not just it's gateway - it needs the MAC address to deliver
> > any packet to any specific address on the local lan.  TCP
> > knows about ethernet, not the other way around.  When
> 
> Presumably you mean that IP knows about ethernet.

Yes, technically TCP builds a TCP packet inside an IP
packet inside an ethernet frame but it's not as cleanly
separated as the books might imply.

> But what has this to do with dumping packets not destined for
> me? IOW, what you say makes sense for routing out, but not
> for dumping packets.

I'm not sure what you mean.  If you get a tcp packet you'll
send an ack back to the destination.  And you'll do it the
hard way by looking up the IP address in your route table
and then constructing an ethernet packet with either the
MAC address of a local target or the MAC address of the
appropriate router from your route table.


> Fine. My machine is querying its gateway to know how to route.

No, it has already decided how to route.  It found that
from the local route table at the IP level. 

> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use 
> Iface
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> 172.17.0.0      *               255.255.0.0     U     0      0        0 eth0
> default         router          0.0.0.0         UG    0      0        0 eth0
> 
> And it does it every two minutes, apparently.

That's normal - you wouldn't want to wait longer for things
to work if you replaced your router.

> But that has nothing to do with dumping packets, does it?

Yes, it has to send the arp and get the response before
it can send the real packet to an IP target.

-- 
  Les Mikesell
   lesmikesell at gmail.com

More information about the fedora-list mailing list