ARP (short for "Address Resolution Protocol") is a network protocol used to map an IP network address to a corresponding hardware MAC address. When host X wants to communicate host Y, X first broadcasts an ARP request on its local network, to obtain Y's MAC address. Once X receives ARP reply containing Y's MAC address, X uses the information to construct Ethernet frames destined for Y.
The IP/MAC address mapping information so obtained is cached in local ARP table, so that ARP query process can be omitted subsequently.
Problems can arise when for whatever reason, host X does not receive ARP replies for a destination host Y with which it wishes to communicate. In other cases, ARP replies come in, but contain a MAC address associated with an incorrect host Z. Such corrupted ARP replies will result in traffic hijacking, where traffic that should have been sent to Y ends up arriving at host Z.
When dealing with these kinds of ARP-induced abnormal situations, it's useful to be able to add static ARP entries manually on locally cached ARP table. When a MAC address of a destination host Y is found in local ARP table, there is no need to send out ARP requests.
To add a static ARP entry to local ARP table:
This commands tells local ARP table that the host with IP address 10.0.0.2 has MAC address 00:0c:29:c0:94:bf. Once you have configured a static ARP entry, you can verify that.
? (192.168.10.47) at e0:db:55:ce:13:f1 [ether] on eth0 ? (192.168.10.1) at 00:e0:b1:cb:07:30 [ether] on eth0 ? (10.0.0.2) at 00:0c:29:c0:94:bf [ether] PERM on eth1
As you can see above, the statically configured ARP entry correctly shows up, marked as "PERM" in the ARP table.
To delete a static ARP entry from local ARP table:
$ arp -a -n ? (184.108.40.206) at e0:db:55:ce:13:f1 [ether] on eth0 ? (220.127.116.11) at 00:e0:b1:cb:07:30 [ether] on eth0 ? (10.0.0.2) at <incomplete> on eth1
Note that any ARP entry added by arp command at run time like above does not remain persistently across reboots. In order to add a static ARP entry permanently, what you can do is to load ARP entries from an external file automatically when a network interface is up. For that, first create a file that contains static ARP entries.
00:0c:29:c0:94:bf 10.0.0.2 00:0c:59:44:f0:a0 10.0.0.5 . . . .
The arp command allows you to load any external file using "-f" option.
Now you need to set the above command to be run automatically when a given network interface (e.g., eth0) is up. There are distribution-specific ways to run a startup command for network interfaces. Following are distribution-specific examples.
Here I assume that you are not using NetworkManager on your Linux system. So if you are using NetworkManager, you will have to disable it first.
On Ubuntu, Debian or Mint, add the following entry in /etc/network/interfaces:
iface wlan0 inet dhcp . . . post-up arp -f /etc/ethers
On CentOS, RHEL or Fedora, create the following executable script:
#!/bin/sh if [[ "$1" == "eth0" ]] then arp -f /etc/ethers else #DO_NOTHING fi
Subscribe to Xmodulo
You can have daily Linux tutorials and FAQs delivered to your email inbox. Simply enter your email address below to subscribe to our mailing list. You will receive hands-on guides and carefully written tutorials related to Linux, everything for free.