Date: Wed, 4 Sep 1996 10:33:24 -0500 (CDT) From: dnelson@emsphone.com (Dan Nelson) To: deischen@iworks.InterWorks.org (Daniel M. Eischen) Cc: paul@nation-net.com, questions@freebsd.org Subject: Re: arp info overwritten Message-ID: <199609041533.KAA08591@dan.emsphone.com> In-Reply-To: <9609041351.AA12869@iworks.InterWorks.org> from "Daniel M. Eischen" at Sep 4, 96 08:51:59 am
next in thread | previous in thread | raw e-mail | index | archive | help
in the last episode, Daniel M. Eischen said: > > Is this message anything to worry about? > > The 2 IPs are machines in our class C. > > > > arp info overwritten for 194.159.125.100 by 00:05:02:44:5f:d1 > > arp info overwritten for 194.159.125.110 by 00:05:02:54:3f:54 > > Well, it depends on if you use those machines or not ;-) > > We've got a couple of FreeBSD PCs sitting in a building full of PCs > and Macs in the same subnet. We see this happen at least once a > month and logged by our FreeBSD PCs. Usually we can determine which > machines are at fault by using tcpdump on the affected ethernet MAC > addresses and by browsing shared DIRs (and similar > [...] > I don't know any other way of doing it (unless the adminstrators have > a list of all the machines and their MAC addresses). Maybe there's a > better way? If you keep a list of the ethernet addresses of all your machines in /etc/ethers, the following patch will let the arp command display ethernet addresses symbolically. Then you can ping your broadcast address to fill your route/arp table, and display the results with arp -a. A similar patch could probably be made to netstat (for the -r output). for example, my machine arps as dan.emsphone.com (199.67.51.101) at E_dan permanent since in /etc/ethers, I have 00:00:c0:ed:34:c7 E_dan -Dan Nelson dnelson@emsphone.com --- /usr/src/usr.sbin/arp/arp.c Thu Feb 8 15:05:52 1996 +++ /usr/tmp/arp.c Mon Jul 29 18:07:03 1996 @@ -441,10 +441,18 @@ } } +/* + * Print an ethernet address in symbolic form, or numeric if there is no name + */ void ether_print(u_char *cp) { + char name[100]; + + if (ether_ntohost(name, cp)) printf("%x:%x:%x:%x:%x:%x", cp[0], cp[1], cp[2], cp[3], cp[4], cp[5]); + else + printf("%s", name); } int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609041533.KAA08591>