標籤:arping
1.基本原理
位址解析通訊協定,即ARP(Address Resolution Protocol),是根據IP地址擷取物理地址的一個TCP/IP協議。主機發送資訊時將包含目標IP地址的ARP請求廣播到網路上的所有主機,並接收返回訊息,以此確定目標的物理地址;收到返回訊息後將該IP地址和物理地址存入本機ARP緩衝中並保留一定時間,下次請求時直接查詢ARP緩衝以節約資源。位址解析通訊協定是建立在網路中各個主機互相信任的基礎上的,網路上的主機可以自主發送ARP應答訊息,其他主機收到應答報文時不會檢測該報文的真實性就會將其記入本機ARP緩衝;由此攻擊者就可以向某一主機發送偽ARP應答報文,使其發送的資訊無法到達預期的主機或到達錯誤的主機,這就構成了一個ARP欺騙。ARP命令可用於查詢本機ARP緩衝中IP地址和MAC地址的對應關係、添加或刪除靜態對應關係等。相關協議有RARP、代理ARP。NDP用於在IPv6中代替位址解析通訊協定。
2.arp命令
arp命令用來管理ARP緩衝
arp -v 詳細模式
$ arp -vAddress HWtype HWaddress Flags Mask Ifacexxxxx ether 00:12:da:46:34:00 C eth010.1.1.17 ether 00:16:3e:f2:38:33 C eth110.1.1.12 ether 00:16:3e:f2:37:6b C eth1Entries: 3Skipped: 0Found: 3
arp -n 顯示數字地址
$ arp -nAddress HWtype HWaddress Flags Mask Ifacexxxxxxxx ether 00:12:da:46:34:00 C eth010.1.1.13 ether 00:16:3e:f2:37:7d C eth110.1.1.18 ether 00:16:3e:f2:38:35 C eth1
arp -a 查看指定主機的IP和MAC對應關係,預設顯示全部
$ arp -a? (xxxxxxxxx) at 00:12:da:46:34:00 [ether] on eth0? (10.1.1.13) at 00:16:3e:f2:37:7d [ether] on eth1? (10.1.1.18) at 00:16:3e:f2:38:35 [ether] on eth1[[email protected] ~]$ arp -a 10.1.1.18? (10.1.1.18) at 00:16:3e:f2:38:35 [ether] on eth1
arp -d 刪除指定主機的IP和MAC對應關係
$ sudo arp -d 10.1.1.18
arp -i 只顯示指定網卡的IP和MAC對應關係
$ arp -i eth0Address HWtype HWaddress Flags Mask Ifacexxxxxxxxxxxxx ether 00:12:da:46:34:00 C eth0$ arp -i eth1Address HWtype HWaddress Flags Mask Iface10.1.1.13 ether 00:16:3e:f2:37:7d C eth110.1.1.18 ether 00:16:3e:f2:38:35 C
arp -s hostname hw_addr, --set hostname 手動設定IP和MAC的對應關係
$ sudo arp -s 10.1.1.18 00:16:3e:f2:38:35
3.arping命令
arping [ -AbDfhqUV] [ -c count] [ -w deadline] [ -s source] -I interface destination
想目標主機發送ARP請求
-A 使用ARP REPLAY替代ARP REQUEST報文
$ sudo arping -A -I eth1 -s 10.1.1.12 10.1.1.19ARPING 10.1.1.19 from 10.1.1.12 eth1Unicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 627.781msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 988.125msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 827.356msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 837.510msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 303.940ms
-b 只發送MAC層面的ARP廣播報文,正常情況下,arping先以發送ARP廣播報文方式啟動,當收到ARP REPLY報文後就轉成單播
$ sudo arping -b -I eth1 -s 10.1.1.12 10.1.1.19ARPING 10.1.1.19 from 10.1.1.12 eth1Unicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.764msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.843msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.744ms
-c 指定發送ARP REQUEST報文個數.如果再指定-w參數,arping將一直等待ARP REPLY報文,直到逾時時間截止
$ sudo arping -c 5 -I eth1 -s 10.1.1.12 10.1.1.19ARPING 10.1.1.19 from 10.1.1.12 eth1Unicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.771msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.744msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.741msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.806msUnicast reply from 10.1.1.19 [00:16:3E:F2:38:3B] 0.731msSent 5 probes (1 broadcast(s))Received 5 response(s)
-w deadline
以秒為單位指定逾時時間。
參考文檔:
http://baike.baidu.com/link?url=TrCbU1FJnpEU_MO209Dolv6X2mW09RRw9XwJHNK5YaDc0groMMAIjP-8LB6DVbXeM4H1YWQQ5QpQHyNA8tj6UjtJ77j0waYDcpcQIdJLDcy
本文出自 “Linux SA John” 部落格,請務必保留此出處http://john88wang.blog.51cto.com/2165294/1618047
Linux下ARP相關操作
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
