ARP requests on my net?

Les Mikesell lesmikesell at gmail.com
Wed Apr 5 03:58:13 UTC 2006


On Tue, 2006-04-04 at 22:22, Mike McCarty wrote:
> > 
> > TCP works over all kinds of media.  Some kinds are point-to-point
> 
> Yes, AIUI, TCP is layer 4. IP, Frame Relay, SLIP, PPP, etc.
> can form the layer 3.

And any of those that can have multiple endpoints have their
own way of individually addressing them.

>  Ethernet is a broadcast
> > media where all stations on the subnet could see what any of
> > them send, but they don't want to.  The MAC address lets
> > everything that doesn't want your packet ignore it efficiently,
> > and to put the MAC address in the packet the sender must
> > first find the one corresponding to the TCP address via ARP.
> 
> So my Linux machine is asking for router's MAC address so it
> can dump packets destined for the router? That might make sense
> on a 10 Base 2, yes, because everyone would see all messages
> (that didn't collide, that is :-) 

Ethernet still acts the same as it did on coax.  You aren't
doing point-to-point at the hardware layer just because
the 10/100Base-T jacks work that way.

> But the message is coming
> from IP, because it knows its own IP address. Why would IP be
> putting layer 2 addresses into messages?

It has to, if it wants to deliver over media that needs them.
Just like IPX or Appletalk (etc.) would have to in order to
use ethernet.

> HTTP, SMTP, FTP, etc.
> TCP
> IP (ICMP)
> LAN/PPP/Frame Relay/ATM or etc.
> physical
> 
> In this case, the LAN protocol is "ethernet", which needs to
> know its own MAC, and that of its gateway. Anything not matching the
> MAC should be dumped. With a semi-intelligent board the board itself
> should dump packets not destined for its MAC. 

Yes, that's the point, packets that aren't broadcast/multicast or
destined for that MAC address are ignored efficiently.  And
unwanted multicast is usually ignored fairly efficiently.

> Is it the case that
> layer 1 is asking for its gateway MAC? Somehow, this looks like
> mixed layers to me. It looks like IP is asking for a MAC which
> it doesn't need. Or does IP need the MAC of the destination
> to instruct layer 1 where to send to the gateway?

Not just it's gateway - it needs the MAC address to deliver
any packet to any specific address on the local lan.  TCP
knows about ethernet, not the other way around.  When
TCP needs to send on the local subnet, it constructs an
ethernet packet, and it needs the destination MAC to
do that - and it uses ARP to get it when needed.  If it
is sending to something off the local net, then it still
needs to send to the router via ethernet so it ARP's the
gateway MAC address but constructs the packet with the
real destination IP. 

> Is it presuming
> that the gateway (router) may have gone down, and another device
> with a different MAC may have taken over, and been assigned the
> same IP via DHCP?

Most devices other than routers have a very short arp cache
time to allow you to change devices and addresses.  Routers
can cache up to 20 minutes.  If you aren't aware of this it
can cause trouble when you try to quickly swap in a replacment
machine or ethernet card.

-- 
  Les Mikesell
   lesmikesell at gmail.com





More information about the users mailing list