Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

farpd(8) [debian man page]

ARPD(8) 						    BSD System Manager's Manual 						   ARPD(8)

NAME

     farpd -- ARP reply daemon

SYNOPSIS

     farpd [-d] [-i interface] [net ...]

DESCRIPTION

     farpd replies to any ARP request for an IP address matching the specified destination net with the hardware MAC address of the specified
     interface, but only after determining if another host already claims it.

     Any IP address claimed by farpd is eventually forgotten after a period of inactivity or after a hard timeout, and is relinquished if the real
     owner shows up.

     This enables a single host to claim all unassigned addresses on a LAN for network monitoring or simulation.

     farpd exits on an interrupt or termination signal.

     Note: The program name farpd has been changed in Debian GNU/Linux from the original name (arpd) to avoid name clash with other ARP daemons.

     The options are as follows:

     -d      Do not daemonize, and enable verbose debugging messages.

     -i interface
	     Listen on interface.  If unspecified, farpd searches the system interface list for the lowest numbered, configured ``up'' interface
	     (excluding loopback).

     net     The IP address or network (specified in CIDR notation) or IP address ranges to claim (e.g. ``10.0.0.3'', ``10.0.0.0/16'' or
	     ``10.0.0.5-10.0.0.15''). If unspecified, farpd will attempt to claim any IP address it sees an ARP request for.  Mutiple addresses
	     may be specified.

FILES

     /var/run/farpd.pid

SEE ALSO

     pcapd(8), synackd(8)

BUGS

     farpd will respond too slowly to ARP requests for some applications. In order to ensure that it does not claim existing IP addresses it will
     send two ARP request and wait for a reply. This slowness affects the nmap network scanning tool, and possibly others, which uses by default
     ARP when scanning local networks. The answers from farpd will come after the tool has timeout waiting for the ARP replies and, consequently,
     IP addresses claimed by farpd will not be discovered.

     Additionally, farpd sends the ARP replies to the broadcast address of the network and not to the host that send the ARP request. Some systems
     and applications (notably nmap) will not handled these requests and expect directed ARP replies (i.e. targeted specifically to the host that
     sent the request and not to the network)

AUTHORS

     Dug Song <dugsong@monkey.org>, Niels Provos <provos@citi.umich.edu>

								  August 4, 2001

Check Out this Related Man Page

arp(4p) 																   arp(4p)

Name
       arp - Address Resolution Protocol

Syntax
       pseudo-device ether

Description
       The  ARP  protocol  is used to map dynamically between DARPA Internet and 10Mb/s Ethernet addresses.  It is used by all the 10Mb/s Ethernet
       interface drivers.

       The ARP protocol caches Internet-Ethernet address mappings.  When an interface requests a mapping for an address  not  in  the  cache,  ARP
       queues  the  message  which  requires  the mapping and broadcasts a message on the associated network requesting the address mapping.  If a
       response is provided, the new mapping is cached and any pending messages are transmitted.  The ARP protocol queues only the  most  recently
       ``transmitted'' packet while waiting for a mapping request to be responded to.

       To  enable  communications  with  systems which do not use ARP, ioctls are provided to enter and delete entries in the Internet-to-Ethernet
       tables.	The usage is:
       #include <sys/ioctl.h>
       #include <sys/socket.h>
       #include <net/if.h>
       struct arpreq arpreq;

       ioctl(s, SIOCSARP, (caddr_t)&arpreq);
       ioctl(s, SIOCGARP, (caddr_t)&arpreq);
       ioctl(s, SIOCDARP, (caddr_t)&arpreq);

       Each ioctl takes the same structure as an argument.  SIOCSARP sets an ARP entry, SIOCGARP gets an ARP entry, and SIOCDARP  deletes  an  ARP
       entry.  These ioctls may be applied to any socket descriptor s, but only by the superuser.  The arpreq structure contains:
       /*
	* ARP ioctl request
	*/
       struct arpreq {
	   struct sockaddr   arp_pa;	 /* protocol address */
	   struct sockaddr   arp_ha;	 /* hardware address */
	   int		     arp_flags;  /* flags */
       };
       /*  arp_flags field values */
       #define ATF_COM	2   /* completed entry (arp_ha valid) */
       #define	 ATF_PERM 4   /* permanent entry */
       #define	 ATF_PUBL 8   /* publish (respond for other host) */

       The  address family for the arp_pa sockaddr must be AF_INET; for the arp_ha sockaddr, it must be AF_UNSPEC.  The only flag bits that can be
       written are ATF_PERM and ATF_PUBL.  ATF_PERM causes the entry to be permanent if the ioctl call succeeds.  The ioctl may fail if more  than
       four  permanent Internet host addresses hash to the same slot.  ATF_PUBL specifies that the ARP code should respond to ARP requests for the
       indicated host coming from other machines.  This lets a SUN act as an ARP server, which can be used to make an ARP-only machine talk  to  a
       non-ARP machine.

       The ARP protocol watches passively for a host that responds to an ARP mapping request for the local host's address.

Restrictions
       ARP  packets  on the Ethernet use only 42 bytes of data.  The smallest legal Ethernet packet is 60 bytes, however, not including CRC.  Some
       systems may not enforce the minimum packet size.

Diagnostics
       duplicate IP address!! sent from Ethernet address: %x:%x:%x:%x:%x:%x
       ARP has discovered another host on the local network that responds to mapping requests for its own Internet address.

See Also
       inet(4f), arp(8c), ifconfig(8c)

																	   arp(4p)
Man Page