James Knott wrote:
> Neil Horman wrote:
>
>
>>James Knott wrote:
>>
>>>I often use Ethereal on my notebook computer, to monitor networks.
>>>However, one thing I see, is my own computer arping for the router I
>>>normally use. Is there any way to stop the arp requests, when I'm
>>>monitoring a different network?
>>>
>>>tnx jk
>>>
>>
>>In /proc/sys/net/ipv4/neigh, there are subdirectories for each network
>>interface you have. In each subdirectory there are three files
>>(app_solicit, ucast_solicit and mcast_solicit). These files control how
>>many times the linux kernel will request an arp address from a userspace
>> application (via netlink), via a unicast arp request, and a broadcast
>>arp request respectively. If you set the contents of all three of these
>>files to zero for a particular interface, you will disable arp on that
>>interface.
>
>
> tnx
>
> I'll have to give that a try.
>
> BTW, I notice that app_solicit is already 0.
>
yes app_solicit is 0 by default, because by default the linux kernel
preforms arp resolution in the kernel. It is possible however to write
an arp daemon which generates arp traffic and manages the kernel arp
table from user space. This can be done via the netlink protocol (see
man (rt)netlink and man 7 (rt)netlink). When you set app_solicit > 0 it
causes the kernel to send a RTM_GETNEIGH request over the netlink
protocl app_solicit number of times, which a user space app can listen
to for use in generating network arp requests. If those requests go
unfufilled, the kernel uses the ucast_solicit and mcast_solicit values
to send unicast arp requests (if the host was known) or broadcast arp
requests (if the hosts was not previously known) on the network itself.
HTH
Neil
--
Neil Horman
Red Hat, Inc.,
http://people.redhat.com/nhorman
gpg keyid: 1024D / 0x92A74FA1,
http://www.keyserver.net
Similar Threads
Linear Mode
