How do you stop a machine from doing "arp" requests?

How do you stop a machine from doing "arp" requests?

Post by Jim Valavani » Wed, 12 Mar 1997 04:00:00



I have learned from TCPDUMP program that the following occurs...

 # tcpdump -i eth0
       tcpdump: listening on eth0
       13:51:36.168219 arp who-has gw.vk2ktj.ampr.org tell
albert.vk2ktj.ampr.or
       13:51:36.193830 arp reply gw.vk2ktj.ampr.org is-at
2:60:8c:9c:ec:d4

This is directly out of the NET-2-HOWTO from SLACKWARE 3.0.

" The first two lines in the sample are what an arp request from
albert.vk2ktj for gw.vk2ktj look like. "

This arp request causes  the machine albert to dial out via an ISDN line
automatically.

Can I somehow stop this arp request from occurring?  
I imagined the arp table would get destroyed after sometime but this is
not the case.  

I am running Linux 2.0.26 on the machine.

Thanks in advance.

Jim
--
____________________________________________________________________


  \   Kessler/Asher Group at     |   phone (312)786-4779         /
   \  the CBOE                   |   fax (312)786-4776          /      
    ______  _______  _________       __        __       ______
   / ____/ /__  __/ /___  ___/      / /       / /      / ____/
  / /        / /       / /  _____  / /       / /      / /
 / /____  __/ /__     / /  /____/ / /_____  / /____  / /____
/______/ /______/    /_/         /_______/ /______/ /______/

 
 
 

How do you stop a machine from doing "arp" requests?

Post by Jim Valavani » Wed, 12 Mar 1997 04:00:00



> I have learned from TCPDUMP program that the following occurs...

>  # tcpdump -i eth0
>        tcpdump: listening on eth0
>        13:51:36.168219 arp who-has gw.vk2ktj.ampr.org tell
> albert.vk2ktj.ampr.or
>        13:51:36.193830 arp reply gw.vk2ktj.ampr.org is-at
> 2:60:8c:9c:ec:d4

> This is directly out of the NET-2-HOWTO from SLACKWARE 3.0.

> " The first two lines in the sample are what an arp request from
> albert.vk2ktj for gw.vk2ktj look like. "

> This arp request causes  the machine albert to dial out via an ISDN line
> automatically.

> Can I somehow stop this arp request from occurring?
> I imagined the arp table would get destroyed after sometime but this is
> not the case.

> I am running Linux 2.0.26 on the machine.

> Thanks in advance.

> Jim

Well,
I discovered that there is a kernel parameter defined in
/usr/src/linux/net/inet/arp.c and /usr/src/linux/net/ipv4/arp.c that
controls the arp timeout values...

this is the piece of code that includes these parameters:

/*
 *      Configurable Parameters (don't touch unless you know what you
are doing
 */

/*
 *      If an arp request is send, ARP_RES_TIME is the timeout value
until the
 *      next request is send.
 */

#define ARP_RES_TIME            (250*(HZ/10))

/*
 *      The number of times an arp request is send, until the host is
 *      considered unreachable.
 */

#define ARP_MAX_TRIES           3

/*
 *      After that time, an unused entry is deleted from the arp table.
 */

#define ARP_TIMEOUT             (600*HZ)

/*
 *      How often is the function 'arp_check_retries' called.
 *      An entry is invalidated in the time between ARP_TIMEOUT and
 *      (ARP_TIMEOUT+ARP_CHECK_INTERVAL).
 */

#define ARP_CHECK_INTERVAL      (60 * HZ)

I want the arp retry to be disabled on this particular machine since it
is connected to a dumb ISDN box that autodials every time an arp request
is sent.  

From this code segment, what would be the best way to accomplish this?

Of course, I will play around with it and recompile the kernel and see
if I can resolve this.

Any advice about setting these values?

Thanks again,

Jim
--
____________________________________________________________________


  \   Kessler/Asher Group at     |   phone (312)786-4779         /
   \  the CBOE                   |   fax (312)786-4776          /      
    ______  _______  _________       __        __       ______
   / ____/ /__  __/ /___  ___/      / /       / /      / ____/
  / /        / /       / /  _____  / /       / /      / /
 / /____  __/ /__     / /  /____/ / /_____  / /____  / /____
/______/ /______/    /_/         /_______/ /______/ /______/

 
 
 

How do you stop a machine from doing "arp" requests?

Post by Robert Woodco » Tue, 25 Mar 1997 04:00:00



Quote:>13:51:36.168219 arp who-has gw.vk2ktj.ampr.org tell albert.vk2ktj.ampr.or
>13:51:36.193830 arp reply gw.vk2ktj.ampr.org is-at 2:60:8c:9c:ec:d4
[...]
>This arp request causes  the machine albert to dial out via an ISDN line
>automatically.

>Can I somehow stop this arp request from occurring?  

Something is trying to contact gw. Find out what and kill it.

Or you could narrow your netmask to force Linux to think gw isn't on the
local network. (This may cause problems...)
--

We learn from history that we do not learn from history.
        -- Georg Hegel