Linux.com

ARP and ICMP are two completely different beasts

Posted by: Anonymous Coward on December 22, 2005 07:33 PM
ARP is a protocol that associates IP addresses with their (usually Ethernet) hardware address.

ICMP is a communication protocol designed to send a packet to a remote host and receive a response.

ARP has no relevance outside of the current network segment or across any type of router, because the information is not exchanged. ARP works by caching IP->HW address information; recent changes to the network may not be identified.

All arping does is force a check for the association (by sending a broadcast packet) requesting a resolution for the IP address, and it expects the hardware ethernet address in response. The response to that broadcast information may not come from the true host (although arping will report the response source). But it's perfectly possible for the response to come from a router or other host on the network; the response could even have been masqueraded to appear to come from your host. And that host may be mistaken about the association anyway, because the only data it has is in a cache which may be out of date.

Because arping is limited to broadcasting for IP->HW data it is completely unable to verify the *actual* availability of the host. The host could be down, have recently disconnected from the network, or arping may report erroneous unavailability just because it never got a response for the association request.

For example, arping will be unable to verify if localhost is available, because 127.0.0.1 is never associated with your hardware ethernet address; it's a purely logical association within the network drivers/kernel.

Basically, using ARP and arping is about as useful as looking up the contents of your /etc/ethers on the basis that the information in there *may* be correct. Looking in /etc/ethers won't tell you the availability of the host you are looking for either.

Since arping is unable to communicate beyond your local segment or router, using arping for anything beyond checking hardware ethernet->IP addresses is a complete waste of time.

ICMP *IS* useful both within and beyond your current network segment because it actually sends packets through the normal routing mechanism to the destination host. ping does not send a broadcast asking if anybody knows the host; it actually tries to communicate with the host. ping will also correctly resolve logical hosts like localhost and correctly report whether localhost is communicable - vital, in some circumstances, to verify if the network is working correctly.

What ping/ICMP is unable to do is determine whether the lack of a response from the host is because it's down or because ICMP packets are disabled or filtered. You can at least run traceroute to determine how far your ICMP data is getting if you don't get a response.

Using ping does, at least, actually try to contact the host.

Oh, and ARP reports the *DEVICES* that may have been configured with the same IP address, not the *HOST* as stated in the article; both devices could be in the same host and could, theoretically, be perfectly valid. That doesn't mean arping is not useful, but there is a big difference between network device and host.
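
Added example, not part of the original comment: a Python sketch that audits captured ARP replies for the two conditions the comment describes, an IP address answered for by more than one hardware address, and a reply whose Ethernet source differs from the sender address inside the ARP payload. The frames, MAC addresses and 192.0.2.x addresses are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_reply(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP reply, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (ethertype, htype, ptype, hlen, plen, oper) != (ETHERTYPE_ARP, 1, 0x0800, 6, 4, ARP_REPLY):
        return None
    return mac(frame[6:12]), mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def audit(frames):
    """Return (IPs claimed by several MACs, replies whose frame source differs from the ARP sender)."""
    claims, mismatched = defaultdict(set), []
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        claims[sender_ip].add(sender_mac)
        if eth_src != sender_mac:            # answered on behalf of the address by another device
            mismatched.append((sender_ip, eth_src, sender_mac))
    conflicts = {addr: sorted(macs) for addr, macs in claims.items() if len(macs) > 1}
    return conflicts, mismatched

def make_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply frame for the sample data below."""
    hw = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return (hw(target_mac) + hw(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
            + hw(sender_mac) + ip(sender_ip) + hw(target_mac) + ip(target_ip))

# Constructed sample: documentation addresses (192.0.2.0/24), locally administered MACs.
ME = ("02:00:00:00:00:01", "192.0.2.1")
SAMPLE = [
    make_reply("02:00:00:00:00:0a", "02:00:00:00:00:0a", "192.0.2.10", *ME),
    make_reply("02:00:00:00:00:0b", "02:00:00:00:00:0b", "192.0.2.10", *ME),  # second device, same IP
    make_reply("02:00:00:00:00:fe", "02:00:00:00:00:14", "192.0.2.20", *ME),  # sent by another device
    b"\x00" * 42,                                                              # not ARP, ignored
]

if __name__ == "__main__":
    conflicts, mismatched = audit(SAMPLE)
    print("IPs claimed by several MACs:", conflicts)
    print("frame source != ARP sender:", mismatched)
```

Either finding is a prompt to investigate rather than proof of a problem, since two devices in one host or a proxying router produce the same pattern.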

Return to Ping: ICMP vs. ARP