利用arping发广播包

arping的-b参数用于发送以太网广播帧(FFFFFFFFFFFF)。arping一开始使用广播地址,在收到响应后就使用unicast地址,但下面的试验实际上192.168.129.76已经是k2-a的IP,所以在k2-a上发送arping广播包向网络询问谁用了192.168.129.76这个IP,实际上k2-a会一直得不到回应的,所以k2-a将一直发送该广播包,利用跟这个机制,可以用arping一直发送广播包,这样就可以check同网段的其他host是否收到了广播包,从而check网络是不是通的,重要的是比较同网段的不同host接收次广播包时是否有差异,例如某些host收到了广播包,但没有触发网卡中断,而另外的host是正常触发的。

在k2-a上发广播包(会一直得不到响应):
root@k2-a:~# arping -I eth1 192.168.129.76 -b &
[1] 1840
ARPING to 192.168.129.76 from 192.168.129.76 via eth1
root@k2-a-:~# tcpdump -i eth1 -ne
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
07:47:37.258138 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:38.258196 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:39.258253 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:40.258308 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:41.258362 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:42.258418 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:43.258473 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:44.258529 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:45.258586 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:46.258646 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:47.258702 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28
07:47:48.258763 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 28

在其他同网段host,如k2-b包上收到了广播包,但不会回应k2-a(可以看出下面没有抓到reply数据包),因为k2-b没有使用192.168.129.76这个IP:
root@k2-b:~# tcpdump -i eth1 -ne
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
07:27:53.071421 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:54.071471 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:55.071516 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:56.071606 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:57.071655 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:58.071704 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:27:59.071753 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:28:00.071801 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:28:01.071849 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:28:02.071897 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42

在其他同网段host,如axm包上收到了广播包,但不会回应k2-a(可以看出下面没有抓到reply数据包),因为axm没有使用192.168.129.76这个IP:
root@axm:~# tcpdump -i eth1 -ne   
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
07:31:43.701817 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:44.701867 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:45.701960 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:46.702010 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:47.702057 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:48.702106 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:49.702154 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:50.702204 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
07:31:51.702250 60:a8:ff:3c:cb:a0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 56: Request who-has 192.168.129.76 (ff:ff:ff:ff:ff:ff) tell 192.168.129.76, length 42
阅读更多

更多精彩内容