Reading the ARP cache table

Reading the ARP cache table

Post by Ramy Asseli » Sat, 06 Dec 2003 03:04:07



I would like to read the ARP cache table programatically using Linux.

In Stevens Unix Network Programming Vol 1, he uses the sysctl function to
access the ARP cache entries.
But I can't find the required constants NET_RT_FLAGS AND RT_LLINFO! :(

Thanks!
Ramy

P.S. I found code that does this in ~FreeBSD~

<http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2003-08/0133.html>

#include <sys/file.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>
#include <err.h>
#include <stdio.h>
#include <stdlib.h>

#define ROUNDUP(a) \
        ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
int
main(int argc, char *argv[])
{
        int mib[6];
        size_t needed;
        char *lim, *buf, *next;
        if (argc != 1) {
                (void)fprintf(stderr, "Usage: %s\n", argv[0]);
                exit(1);
        }

        mib[0] = CTL_NET;
        mib[1] = PF_ROUTE;
        mib[2] = 0;
        mib[3] = AF_INET;
        mib[4] = NET_RT_FLAGS;
        mib[5] = RTF_LLINFO;
        if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0)
                errx(1, "route-sysctl-estimate");
        if ((buf = malloc(needed)) == NULL)
                errx(1, "malloc");
        if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
                errx(1, "actual retrieval of routing table");

        lim = buf + needed;
        next = buf;
        while (next < lim) {
                struct rt_msghdr *rtm = (struct rt_msghdr *)next;
                struct sockaddr_inarp *sinarp = (struct sockaddr_inarp
*)(rtm + 1);
                struct sockaddr_dl *sdl =
                        (struct sockaddr_dl *)((char *)sinarp +
ROUNDUP(sinarp->sin_len));
                if (sdl->sdl_alen) { /* complete ARP entry */
                        printf("%s at ", inet_ntoa(sinarp->sin_addr));
                        printf("%s", ether_ntoa((struct ether_addr
*)LLADDR(sdl)));
                        printf("\n");
                }
                next += rtm->rtm_msglen;
        }
        free(buf);
        return(0);

Quote:}

 
 
 

Reading the ARP cache table

Post by Jim Fische » Sat, 06 Dec 2003 13:52:55



> I would like to read the ARP cache table programatically using Linux.

> In Stevens Unix Network Programming Vol 1, he uses the sysctl function
> to access the ARP cache entries.
> But I can't find the required constants NET_RT_FLAGS AND RT_LLINFO! :(

> Thanks!
> Ramy

> P.S. I found code that does this in ~FreeBSD~

> <http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2003-08/0133.html>

> [snip]

A good place to start would be the source code for the arp(8) program
itself. On Linux boxes, the arp(8) program is usually installed via the
'net-tools' package. Here's a Freshmeat page for the 'net-tools' stuff:

    http://freshmeat.net/projects/net-tools/?topic_id=150

--
Jim

To reply by email, remove "link" and change "now.here" to "yahoo"
jfischer_link5809{at}now.here.com

 
 
 

Reading the ARP cache table

Post by Leon » Sat, 06 Dec 2003 14:42:38



Quote:> I would like to read the ARP cache table programatically using Linux.

> In Stevens Unix Network Programming Vol 1, he uses the sysctl function to
> access the ARP cache entries.
> But I can't find the required constants NET_RT_FLAGS AND RT_LLINFO! :(

A way to get started is to  run 'strace arp '.
You can then see the system calls the arp command makes.

Or you can get the source code to the arp command.

 
 
 

1. MAC address does not show up on the telco's ARP table caches

// __ 20050915 14:15
 Hi,

 I am using as ISP that uses the telephone/DSL network from the local
telco to provide their clients with broadband/DSL access (they do
provide a better/marginally cheaper service).

 The thing is that I am repeatedly (and way too often) kicked off the
net in ways that even my ISP tech suppost considers to be "very
strange"

 I know I am connected to the Net because if I run ethereal setting my
card on promiscuos mode (I am connecting to the Net directly), I can
see the whole traffic of what is going on on my domain. I must be a
heck of a guesser to make up an ethereal ethernet traffic log.

 They have told me things like:

 ._ your MAC address does not show on the telco's cache.

 ._ your MAC does temporarily show on their ARP table cache
sometimes(?!), but as an imcomplete address

 ._ their ARP tables also show lots of different MAC addresses assigned
to you that are actually not yours

 Also my ISP has a procedure to refresh your NIC's MAC addresses that I
have used to no avail. I have even tried using dirrent NICs on X86
boxes and even a Mac.

 What could be the 'technical' reasons why this could be happening?

 Thanks
 dennishartman

2. NETGEAR FA410 Can PING out can't be PING'd

3. arp cache problems/arp ip walks

4. "autoexec" for Linux

5. how to read arp cache?

6. log.smb entries

7. How to read a text format table into a table in database?

8. Proc table and file table

9. clear ARP Cache on Linux Firwall

10. ARP table does not update

11. arp cache timeout

12. expiring arp cache on linux

13. confused: I have two arp table entries!