Sending ARP request to unicast MAC instead of broadcast MAC address?
Crist.Clark at globalstar.com
Thu Jun 17 17:57:46 UTC 2010
>>> On 6/16/2010 at 3:57 PM, Chris Woodfield <rekoil at semihuman.com> wrote:
> OK, this sounds Really Wacky (or, Really Hacky if you're into puns) but
> there's a reason for it, I swear...
> Will typical OSS UNIX kernels (Linux, BSD, MacOS X, etc) reply to a crafted
> ARP request that, instead of having FF:FF:FF:FF:FF:FF as its destination MAC
> address, is instead sent to the already-known unicast MAC address of the host?
> Next, what would be your utility of choice for crafting such a packet? Or is
> this something one would need to code up by hand in a lower-level language?
Unicast ARP requests are considered normal. See Section 188.8.131.52 of
RFC1122, "ARP Cache Validation." Specifically,
Four mechanisms have been used, sometimes in
combination, to flush out-of-date cache entries.
(2) Unicast Poll -- Actively poll the remote host by
periodically sending a point-to-point ARP Request
to it, and delete the entry if no ARP Reply is
received from N successive polls. Again, the
timeout should be on the order of a minute, and
typically N is 2.
More information about the NANOG