Date: Tue, 02 Jan 2001 07:01:49 -0800
From: Julian Elischer <julian@elischer.org>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: Félix-Antoine Paradis <reel@sympatico.ca>, hackers@FreeBSD.ORG
Subject: Re: ARP question.
Message-ID: <3A51ED5D.F5724A99@elischer.org>
References: <5.0.2.1.0.20010102023010.00a101f0@pop6.sympatico.ca> <20010101234324.Z19572@fw.wintelcom.net>

Alfred Perlstein wrote:
>
> * Félix-Antoine Paradis <reel@sympatico.ca> [010101 23:28] wrote:
> > Hi,
> > When we do a "dmesg" on a 4.2-STABLE box, we get:
> >
> > arp: 200.42.126.18 moved from 00:e0:7d:7b:53:f0 to 00:c0:df:f4:ac:05 on ed0
> >
> > and, in ifconfig, it says:
> >
> > ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > inet 200.42.126.20 netmask 0xffffff00 broadcast 200.42.126.255
> > inet6 fe80::2e0:7dff:fe7b:548a%ed0 prefixlen 64 scopeid 0x1
> > ether 00:e0:7d:7b:54:8a
> >
> > ed0 is connected to a switch. We want to know what the "arp: " message
> > means. On the Linux box, we have:
> >
> > eth0 Link encap:Ethernet HWaddr 00:C0:DF:F4:AC:05
> > inet addr:200.42.126.18 Bcast:200.42.126.23 Mask:255.255.255.248
> > UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
> > RX packets:12738748 errors:0 dropped:0 overruns:0 frame:556
> > TX packets:4014499 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:172394 txqueuelen:100
> > Interrupt:10 Base address:0xe800
> > eth1 Link encap:Ethernet HWaddr 00:E0:7D:7B:53:F0
> > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> > RX packets:3634104 errors:0 dropped:0 overruns:0 frame:4
> > TX packets:3842298 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:197818 txqueuelen:100
> > Interrupt:12 Base address:0xec00
> > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> >
> > Both eth0 and eth1 are connected to that same switch.
If they are receiving each other's broadcasts then arp will get upset.
(As you noticed)
>
> You should check /var/log/messages for the datestamp.
>
> Basically it means someone took someone's arp address either by
> 1) taking the IP from a different machine.
> 2) telling a machine to change its hardware address.
>
> --
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> "I have the heart of a child; I keep it in a jar on my desk."
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000
---> X_.---._/ from Perth, presently in: Budapest
v
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A51ED5D.F5724A99>
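
The two explanations given in this thread (one host with two NICs on the same segment, or another station taking over the IP) can be told apart by triaging the `arp: ... moved from ... to ...` lines in `/var/log/messages`. The following is an added example, not code from the thread or from FreeBSD; the function names, the `INVENTORY` asset list and all sample lines except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel message format as quoted in the thread (FreeBSD 4.2-STABLE dmesg).
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>[0-9a-fA-F:]{17}) to (?P<new>[0-9a-fA-F:]{17}) on (?P<ifname>\w+)")

def parse_moves(lines):
    """Yield (ip, old_mac, new_mac, ifname) for every 'arp: ... moved' line."""
    for line in lines:
        m = ARP_MOVED.search(line)
        if m:
            yield m["ip"], m["old"].lower(), m["new"].lower(), m["ifname"]

def classify(lines, inventory):
    """Return {ip: verdict}. inventory is an assumed {host: set_of_macs} asset list."""
    macs_seen, moves = defaultdict(set), defaultdict(int)
    for ip, old, new, _ in parse_moves(lines):
        macs_seen[ip].update((old, new))
        moves[ip] += 1
    verdicts = {}
    for ip, macs in macs_seen.items():
        owner = next((h for h, owned in inventory.items() if macs <= owned), None)
        if owner:
            verdicts[ip] = f"same-host:{owner}"  # both MACs are NICs of one known box
        elif moves[ip] > 1 and len(macs) == 2:
            verdicts[ip] = "flip-flop"           # two stations keep claiming the IP
        else:
            verdicts[ip] = "moved"               # one-off change: new NIC or new owner
    return verdicts

# Constructed sample: only the first line comes from the thread; the syslog
# prefix and the 192.0.2.x entries are made up for this example.
SAMPLE = [
    "arp: 200.42.126.18 moved from 00:e0:7d:7b:53:f0 to 00:c0:df:f4:ac:05 on ed0",
    "Jan  2 03:10:00 bsdbox /kernel: arp: 200.42.126.18 moved from "
    "00:c0:df:f4:ac:05 to 00:e0:7d:7b:53:f0 on ed0",
    "arp: 192.0.2.7 moved from 02:00:00:00:00:01 to 02:00:00:00:00:02 on ed0",
    "arp: 192.0.2.7 moved from 02:00:00:00:00:02 to 02:00:00:00:00:01 on ed0",
    "arp: 192.0.2.9 moved from 02:00:00:00:00:03 to 02:00:00:00:00:04 on ed0",
]
# MACs of eth0 and eth1 on the Linux box, taken from the ifconfig output above.
INVENTORY = {"linux-box": {"00:c0:df:f4:ac:05", "00:e0:7d:7b:53:f0"}}

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE, INVENTORY).items()):
        print(ip, verdict)
```

A `same-host` verdict matches the case described in the reply (both interfaces of one machine answering on the same switch); `flip-flop` for MACs that are not in the inventory is the pattern worth investigating first.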
