ARP requests on my net?

[Ed Greshko]

Mike McCarty wrote:
> Ed Greshko wrote:
>> Mike McCarty wrote:
> 
> [snip]
> 
>>> So my Linux machine is asking for router's MAC address so it
>>> can dump packets destined for the router? 
>>
>>
>> Ahhh....no.....
>>
>> It is asking for the MAC address so it can dump packets destined for the
>> *next hop*.
> 
> But my machine is not configured to be a router, bridge, or gateway.
> Doesn't mean that it isn't prepared to be one, I know.
> But why would it need the MAC for the router?

I fear we are going round and round without knowing what the goal is...

Your original question was:

18:33:05.599443 arp who-has router tell 172.17.205.79
18:33:05.599732 arp reply router is-at 00:11:95:0b:cc:28

and what was that all about.....

I did ask that you give IP address and not names...but never mind.

To translate the question being asked...it is a "broadcast" message
going out to every host locally connected and is shouting out:

who has IP address XX.XX.XX.XX?  Please tell me!
 where me=172.17.205.79.

If you type "arp -n" or just "arp" you may get a sense.  Why not include
those sort of things in your responses so some sense can be made?

> 
>> When it arrives at your router, the router determines that the IP
>> address in the IP portion of the header is not its IP address.  It will
>> determine the next hop's MAC address...many different ways to do
>> this...and send the packet on its way.  This is repeated over and over
>> until the *destination IP* address is reached.
> 
> Yes, my machine is the destination IP.
> 
> Umm, maybe a little more concreteness would help...
> 
> [PSTN]<-ADSL-LINE->[DSL MODEM]<-E-NET->[ROUTER]<-E-NET->[COMPUTER]
> 
> There is not and cannot be a "next hop". The computer is a terminal.
> The only connection my computer has is to the router. I realize
> that the setup does not necessarily take this into account.

The router *is* the next hop for any packet destined for the "internet".

> So, can you tell me what message the computer is trying to
> be able to dump, and how knowing the MAC address of the router
> would help?

As I mentioned....even if you left you system "idle" and were not doing
any communication with the internet the OS will occasionally ARP for the
MAC address of the default route.  The "default" route is the IP address
of your router.  Do "netstat -r" or "netstat -rn".

> Is this because ethernet is broadcast? Again, ISTM that the
> hardware could dump messages not destined for self at MAC
> level. Messages which are temporarily destined for self
> only for passing along to another device closer to the destination
> need routing at IP level to get closer to destination, not
> dumping.
> 
> Sorry if I seem dense.
> 
>> traceroute www.google.com
>>
>> will give you an idea of how many times that could happen.
> 
> I'm familiar with traceroute.
> 
> Mike


-- 
It's not enough to be able to pick up a sword. You have to know which end to
poke into the enemy.
(Lords and Ladies)