farpd(8) [debian man page]
ARPD(8) BSD System Manager's Manual ARPD(8) NAME
farpd -- ARP reply daemon SYNOPSIS
farpd [-d] [-i interface] [net ...] DESCRIPTION
farpd replies to any ARP request for an IP address matching the specified destination net with the hardware MAC address of the specified interface, but only after determining if another host already claims it. Any IP address claimed by farpd is eventually forgotten after a period of inactivity or after a hard timeout, and is relinquished if the real owner shows up. This enables a single host to claim all unassigned addresses on a LAN for network monitoring or simulation. farpd exits on an interrupt or termination signal. Note: The program name farpd has been changed in Debian GNU/Linux from the original name (arpd) to avoid name clash with other ARP daemons. The options are as follows: -d Do not daemonize, and enable verbose debugging messages. -i interface Listen on interface. If unspecified, farpd searches the system interface list for the lowest numbered, configured ``up'' interface (excluding loopback). net The IP address or network (specified in CIDR notation) or IP address ranges to claim (e.g. ``10.0.0.3'', ``10.0.0.0/16'' or ``10.0.0.5-10.0.0.15''). If unspecified, farpd will attempt to claim any IP address it sees an ARP request for. Mutiple addresses may be specified. FILES
/var/run/farpd.pid SEE ALSO
pcapd(8), synackd(8) BUGS
farpd will respond too slowly to ARP requests for some applications. In order to ensure that it does not claim existing IP addresses it will send two ARP request and wait for a reply. This slowness affects the nmap network scanning tool, and possibly others, which uses by default ARP when scanning local networks. The answers from farpd will come after the tool has timeout waiting for the ARP replies and, consequently, IP addresses claimed by farpd will not be discovered. Additionally, farpd sends the ARP replies to the broadcast address of the network and not to the host that send the ARP request. Some systems and applications (notably nmap) will not handled these requests and expect directed ARP replies (i.e. targeted specifically to the host that sent the request and not to the network) AUTHORS
Dug Song <dugsong@monkey.org>, Niels Provos <provos@citi.umich.edu> August 4, 2001
Check Out this Related Man Page
arp(4p) arp(4p) Name arp - Address Resolution Protocol Syntax pseudo-device ether Description The ARP protocol is used to map dynamically between DARPA Internet and 10Mb/s Ethernet addresses. It is used by all the 10Mb/s Ethernet interface drivers. The ARP protocol caches Internet-Ethernet address mappings. When an interface requests a mapping for an address not in the cache, ARP queues the message which requires the mapping and broadcasts a message on the associated network requesting the address mapping. If a response is provided, the new mapping is cached and any pending messages are transmitted. The ARP protocol queues only the most recently ``transmitted'' packet while waiting for a mapping request to be responded to. To enable communications with systems which do not use ARP, ioctls are provided to enter and delete entries in the Internet-to-Ethernet tables. The usage is: #include <sys/ioctl.h> #include <sys/socket.h> #include <net/if.h> struct arpreq arpreq; ioctl(s, SIOCSARP, (caddr_t)&arpreq); ioctl(s, SIOCGARP, (caddr_t)&arpreq); ioctl(s, SIOCDARP, (caddr_t)&arpreq); Each ioctl takes the same structure as an argument. SIOCSARP sets an ARP entry, SIOCGARP gets an ARP entry, and SIOCDARP deletes an ARP entry. These ioctls may be applied to any socket descriptor s, but only by the superuser. The arpreq structure contains: /* * ARP ioctl request */ struct arpreq { struct sockaddr arp_pa; /* protocol address */ struct sockaddr arp_ha; /* hardware address */ int arp_flags; /* flags */ }; /* arp_flags field values */ #define ATF_COM 2 /* completed entry (arp_ha valid) */ #define ATF_PERM 4 /* permanent entry */ #define ATF_PUBL 8 /* publish (respond for other host) */ The address family for the arp_pa sockaddr must be AF_INET; for the arp_ha sockaddr, it must be AF_UNSPEC. The only flag bits that can be written are ATF_PERM and ATF_PUBL. ATF_PERM causes the entry to be permanent if the ioctl call succeeds. The ioctl may fail if more than four permanent Internet host addresses hash to the same slot. ATF_PUBL specifies that the ARP code should respond to ARP requests for the indicated host coming from other machines. This lets a SUN act as an ARP server, which can be used to make an ARP-only machine talk to a non-ARP machine. The ARP protocol watches passively for a host that responds to an ARP mapping request for the local host's address. Restrictions ARP packets on the Ethernet use only 42 bytes of data. The smallest legal Ethernet packet is 60 bytes, however, not including CRC. Some systems may not enforce the minimum packet size. Diagnostics duplicate IP address!! sent from Ethernet address: %x:%x:%x:%x:%x:%x ARP has discovered another host on the local network that responds to mapping requests for its own Internet address. See Also inet(4f), arp(8c), ifconfig(8c) arp(4p)