Software, technology, sysadmin war stories, and more. Feed
Thursday, October 25, 2012

Stupid ARP tricks

Let's say you have a really crazy request. You need to make sure packets for a certain host or network are always sent to a specific MAC address. The usual approach of just adding a route and letting the network figure it out just isn't good enough for some reason. You need to hotwire things so your box hands it off to just that one target and nobody else.

I may or may not have done this in the past for some nefarious purpose. In case anyone else ever needs this, here's a way to do it on Linux, back from the days before all of these fancy schmancy iptables extensions.

First, pick a sacrificial network that you don't care about ever being able to reach. RFC 1918 space works well for this. Then, add an alias to one of your existing interfaces to put your machine in this network.

# ifconfig eth0:0 netmask

Next, make up a phony host in that same network and give it a static ARP entry with the right hardware address.

# arp -s 00:11:22:33:44:55

Finally, add a route for the target network to that phony host.

# route add -net a.b.c.0/24 gw

That's it. You have now set up something that is very, very evil, or at least useful for learning about how routing actually works on your system. Enjoy!