Hi,
I'm now using tcpdump and ethereal to monitor network traffic on a PC
which runs RedHat Linux 7.1. This PC and another 3 PCs with the same
configuration are all plugged into a 10Mbps hub (a small Ethernet); their
IP addresses are 10.0.1.11, 10.0.1.12, 10.0.1.13 and 10.0.1.14 respectively.
Now I have two questions:
1. I tried the following: telnet 10.0.1.33 (which does not exist), and I
captured all ARP packets. The problem is: I tried telnet 3 times; the 1st
time I got 3 ARP packets before telnet gave up, and the 2nd and 3rd times I
got 6 ARP packets. My question is: what is the mechanism in ARP that decides
when to quit after several unsuccessful ARP requests?
2. I set 2 PCs' IP addresses to 10.0.1.22 (PC1 and PC2), so there is a
duplicate IP address. Then I used the 3rd PC (PC3) to telnet 10.1.0.22, and I
captured all packets to and from PC3. The result is not what I expected.
From the captured data, I can see that PC1 first sent back an ARP reply to
PC3 with its MAC address, then PC3 sent a SYN TCP packet to PC1 (trying to
set up a connection), and then PC2 (with the duplicate IP address) also sent
back an ARP reply with its MAC address to PC3. The question is: it seems that
the ARP reply from PC2 was just ignored by PC3. PC3 went on to set up a TCP
connection with PC1 and then started sending data to PC1. I expected that the
ARP reply from PC2 would update PC3's ARP cache with PC2's MAC, so all the
packets from PC3 to 10.0.1.22 should then be directed to PC2. The test result
is quite different from what I thought. Did I misunderstand something here?
Thanks a lot,
Robert
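
The duplicate-address case in question 2 appears in a capture as two ARP replies that claim the same IP from different MAC addresses. As an added example (not part of the original post), this parses raw ARP payloads and flags such conflicts; the MAC addresses and PC3's address 10.0.1.13 are constructed assumptions, and the helper names are hypothetical.

```python
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP payload (28 bytes); return (oper, sender MAC, sender IP)."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware + IPv4 protocol addresses
    sha, spa, _tha, _tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    mac = ":".join(f"{b:02x}" for b in sha)
    ip = ".".join(str(b) for b in spa)
    return oper, mac, ip

def find_conflicts(payloads):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC in ARP replies."""
    claims = defaultdict(set)
    for p in payloads:
        parsed = parse_arp(p)
        if parsed and parsed[0] == ARP_REPLY:
            _, mac, ip = parsed
            claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def build_arp(oper, sha, spa, tha, tpa):
    """Build a sample ARP payload (used only to construct the test capture below)."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    head = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return head + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed capture: PC3 asks who has 10.0.1.22, then PC1 and PC2 both answer.
PC1, PC2, PC3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [
    build_arp(ARP_REQUEST, PC3, "10.0.1.13", "00:00:00:00:00:00", "10.0.1.22"),
    build_arp(ARP_REPLY, PC1, "10.0.1.22", PC3, "10.0.1.13"),
    build_arp(ARP_REPLY, PC2, "10.0.1.22", PC3, "10.0.1.13"),
]

if __name__ == "__main__":
    for addr, macs in find_conflicts(SAMPLE).items():
        print(f"duplicate address: {addr} claimed by {', '.join(macs)}")
```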