Difference between revisions of "NAD710 Lab 2 Answers"
(10 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
+ | Referring page - [[NAD710 Lab 2]] | ||
+ | |||
'''1. What is the effect of the first "ifconfig ethxx down" command on the system's ARP cache ?''' | '''1. What is the effect of the first "ifconfig ethxx down" command on the system's ARP cache ?''' | ||
− | + | The arp table becomes empty after the first "ifconfig eth1 down". | |
− | |||
− | The arp table becomes empty after the first "ifconfig eth1 down" | ||
[root@localhost ~]# arp -n | [root@localhost ~]# arp -n | ||
Line 16: | Line 16: | ||
'''2. What command disable ARP on a network interface?''' | '''2. What command disable ARP on a network interface?''' | ||
− | + | To disable ARP on a network interface named 'ethxxx', one would use a command of the following form: | |
− | |||
− | To disable ARP on a network interface named 'ethxxx', one would use a command of the form | ||
+ | ifconfig ethxxx -arp | ||
'''3. How do you enable ARP on a network interface if it has been disabled?''' | '''3. How do you enable ARP on a network interface if it has been disabled?''' | ||
− | + | To re-enable ARP on a network interface named 'ethxxx', one would use a command of the following form: | |
− | + | ifconfig ethxxx arp | |
'''4. What is the consequence of disabling ARP on a network interface?''' | '''4. What is the consequence of disabling ARP on a network interface?''' | ||
− | + | If ARP has been disabled on a network interface, ARP packets recieved by that interface will be dropped. This prevents the machine from either resolving the corresponding MAC address for a particular IP address or from responding to a requisition for such resolution. | |
+ | |||
+ | '''5. How do you manually add an entry to the ARP cache?''' | ||
+ | |||
+ | To manually add an entry to the ARP table, one would issue a command in the following form: | ||
+ | |||
+ | arp -s nnn.nnn.nnn.nnn xx:xx:xx:xx:xx:xx | ||
+ | |||
+ | where 'xx:xx:xx:xx:xx:xx' is the MAC address you are attempting to add and 'nnn.nnn.nnn.nnn' is the corresponding IP address. | ||
+ | |||
+ | '''6. What would be the possible advantage of disabling ARP on a network interface?''' | ||
+ | |||
+ | Disabling ARP on a network interface can be used to prevent a high-security server from being accessed by unauthorized hosts. While this is to some extent 'security through obscurity', in practice it is difficult to guess the MAC address of the desired host if it refuses to respond to one's ARP requests. In order to make a connection to such a host the MAC addresses from both the source and destination computer are manually placed in each other's ARP cache using the command described in question 5. | ||
+ | |||
+ | '''7. Describe the procedure you used in determining the life time of an ARP cache entry on a Linux system.''' | ||
+ | |||
+ | * Turn on two linux machines and get it's ip address and mac address | ||
+ | |||
+ | * In computer A, erase all the arp table | ||
+ | |||
+ | # ifconfig eth0 -arp | ||
+ | # ifconfig eth0 arp | ||
+ | |||
+ | * ping -c 1 <computer B>;date;script;date | ||
+ | |||
+ | ''The function of the script is to keep reading the output of the arp cache (arp -n command) each second until the mac address of the computer B disappear'' | ||
+ | |||
+ | A variation on the above involves three simple steps: | ||
+ | 1 Increase the scrollback in the terminal to 2000 lines | ||
+ | 2 Issue the ping command to refresh the ARP cache | ||
+ | 3 Issue the following command into the shell: | ||
+ | while x=0; do echo -n ''; ip neighbor show; date; sleep 1; done | ||
+ | The shell will display the ARP cache status and the time, every second. When the ARP cache entry times out, hit <CTRL><C> to stop the display and then figure out the difference between the start and end times. | ||
+ | |||
+ | * After disabling the cache, you can issue the command ip neighbour show <ip of Comp B> | ||
+ | when the cache is still there its is gonna show 172.16.1.2 dev eth1 lladdr 00:16:76:32:07:12 PERMENANT (never expires;never verified), then it changes state to STALE (STALE means still usable :needs verification), then the arp cache is lost. It took approx, less then 3 mins for arp cache timeout. Then when you give the command arp -na, the cache is empty | ||
+ | |||
+ | |||
+ | * How to change ARP cache timeout ? | ||
+ | |||
+ | A file called gc_stale_time defines the timeout for arp cache. You can find this file in /proc/sys/net/ipv4/neigh/eth1 | ||
− | + | [[Category:LUX]] [[Category:NAD]] |
Latest revision as of 11:26, 24 September 2008
Referring page - NAD710 Lab 2
1. What is the effect of the first "ifconfig ethxx down" command on the system's ARP cache ?
The arp table becomes empty after the first "ifconfig eth1 down".
[root@localhost ~]# arp -n Address HWtype HWaddress Flags Mask Iface 142.204.141.131 ether 00:0E:7F:3C:A8:F3 C eth1 142.204.141.129 ether 00:0E:0C:4B:31:5C C eth1 [root@localhost ~]# ifconfig eth1 down [root@localhost ~]# arp -n [root@localhost ~]# ifconfig eth1 up [root@localhost ~]# arp -n
2. What command disable ARP on a network interface?
To disable ARP on a network interface named 'ethxxx', one would use a command of the following form:
ifconfig ethxxx -arp
3. How do you enable ARP on a network interface if it has been disabled?
To re-enable ARP on a network interface named 'ethxxx', one would use a command of the following form:
ifconfig ethxxx arp
4. What is the consequence of disabling ARP on a network interface?
If ARP has been disabled on a network interface, ARP packets recieved by that interface will be dropped. This prevents the machine from either resolving the corresponding MAC address for a particular IP address or from responding to a requisition for such resolution.
5. How do you manually add an entry to the ARP cache?
To manually add an entry to the ARP table, one would issue a command in the following form:
arp -s nnn.nnn.nnn.nnn xx:xx:xx:xx:xx:xx
where 'xx:xx:xx:xx:xx:xx' is the MAC address you are attempting to add and 'nnn.nnn.nnn.nnn' is the corresponding IP address.
6. What would be the possible advantage of disabling ARP on a network interface?
Disabling ARP on a network interface can be used to prevent a high-security server from being accessed by unauthorized hosts. While this is to some extent 'security through obscurity', in practice it is difficult to guess the MAC address of the desired host if it refuses to respond to one's ARP requests. In order to make a connection to such a host the MAC addresses from both the source and destination computer are manually placed in each other's ARP cache using the command described in question 5.
7. Describe the procedure you used in determining the life time of an ARP cache entry on a Linux system.
- Turn on two linux machines and get it's ip address and mac address
- In computer A, erase all the arp table
# ifconfig eth0 -arp # ifconfig eth0 arp
- ping -c 1 <computer B>;date;script;date
The function of the script is to keep reading the output of the arp cache (arp -n command) each second until the mac address of the computer B disappear
A variation on the above involves three simple steps:
1 Increase the scrollback in the terminal to 2000 lines 2 Issue the ping command to refresh the ARP cache 3 Issue the following command into the shell: while x=0; do echo -n ; ip neighbor show; date; sleep 1; done
The shell will display the ARP cache status and the time, every second. When the ARP cache entry times out, hit <CTRL><C> to stop the display and then figure out the difference between the start and end times.
- After disabling the cache, you can issue the command ip neighbour show <ip of Comp B>
when the cache is still there its is gonna show 172.16.1.2 dev eth1 lladdr 00:16:76:32:07:12 PERMENANT (never expires;never verified), then it changes state to STALE (STALE means still usable :needs verification), then the arp cache is lost. It took approx, less then 3 mins for arp cache timeout. Then when you give the command arp -na, the cache is empty
- How to change ARP cache timeout ?
A file called gc_stale_time defines the timeout for arp cache. You can find this file in /proc/sys/net/ipv4/neigh/eth1