摩托學園討論區

[flybird]

代碼: 選擇全部

//------------------------------------------------------------------------------------------------------------
13:05:38.541727 arp who-has 61.57.147.99 tell 61.57.147.254
13:05:38.541794 arp who-has 61.57.147.197 tell 61.57.147.254
13:05:38.542409 IP cvs.soc.idv.32788 > eldns2.3a.net.tw.domain:  58203+ PTR? 99.147.57.61.in-addr.arpa. (43)
13:05:38.553823 IP eldns2.3a.net.tw.domain > cvs.soc.idv.32788:  58203 NXDomain 0/1/0 (102)
13:05:38.554526 IP cvs.soc.idv.32788 > eldns2.3a.net.tw.domain:  58204+ PTR? 197.147.57.61.in-addr.arpa. (44)
13:05:38.556985 IP eldns2.3a.net.tw.domain > cvs.soc.idv.32788:  58204 NXDomain 0/1/0 (103)
13:05:53.545138 arp who-has 61.57.147.99 tell 61.57.147.254
13:05:53.545205 arp who-has 61.57.147.197 tell 61.57.147.254


常看到網卡動不動就閃一下
好奇的 tcpdump 之後；發現都是這些無關的封包
已藉由 rcconf 將 arpwatch demand 關掉；卻仍然會收到 ARP 封包！
請問我能讓這些封包別再來騷擾我嗎？

[訪客]

You can take a look at what is ARP: http://en.wikipedia.org/wiki/Address_Re ... n_Protocol

ARP is used to find hardware link address when only target's IP address is known. So on the same network segment, any host will broadcast with the target IP address (e.g., "who has 61.57.147.99 ...") in looking for target host and expecting a reply. (Then cache/ update it if necessary)

This is efficiently to query network information. Otherwise, a centric server is required to maintain entire hosts on the network, which is risky and an overhead of maintainability. Therefore, if you turn it off, it means either you are disconnected from the network or the network is broken down.