On Thu, 2010-12-09 at 08:32 -0500, Adam Tauno Williams wrote:
On Wed, 2010-12-08 at 16:49 -0600, David G. Mackay wrote:
On Wed, 2010-12-08 at 10:41 -0500, Adam Tauno Williams wrote:
On Wed, 2010-12-08 at 09:37 -0600, David G. Mackay wrote:
On Wed, 2010-12-08 at 10:01 +0100, David Sommerseth wrote:
Nope, ARP is gone. But it gets a replacement as a part of IPv6, instead of ARP being an addition to IPv4. http://itkia.com/how-to-arp-a-in-ipv6/ http://www.tcpipguide.com/free/t_TCPIPIPv6NeighborDiscoveryProtocolND.htm
I have a question about how IPV6 interacts with the switches in the local network. Right now, my sub $50(US) gigabit switch from any of several vendors keeps an arp table to determine which switch port a message will use. With the huge address space available with IPV6, how is that going to work, and when am I going to get a cheap soho switch that can handle IPV6?
The switch will continue to operate using the MAC# of the client interfaces. The switch doesn't care about IPv4, IPv6, or IPX for that matter [unless you enabled vLANs or managment features - which is a different issue].
Maybe that's the case for my little cheapo soho switch.
The switch does not maintain an "arp table". It maintains a list of MAC#s it has seen on each port.
Sorry, but that's certainly incorrect for the higher end switches.
Hence: "unless you enabled vLANs or managment features - which is a different issue".
Yes, or perhaps a layer 3 switching device.
I've accessed the arp table on several different brands of switches. Also, look up ARP poisoning.
If the switch has an IPv4 management interface then it has, by definition, an ARP table. ARP is how IPv4 works on Ethernet. This doesn't mean [necessarily] that the switching mechanism is using the ARP table to route packets. If 802.1x or some type of protection scheme is not in place all one has to do is forge the MAC address on any traffic to 'confuse' the switch. Specifically ARP cache poising is required to get an IPv4 host to misdirect its traffic to another host on the subnet.
It is very fun to play with this, and Linux makes is pretty easy.
ip link set address xx:xx:xx:xx:xx:xx dev eth0
Take a look at ettercap. The idea is to use arp poisoning to overflow the switch's arp table so that the switch gives up and becomes a hub, sending traffic out of every port, which allows your friendly local hacker to view all of the traffic from every port on the switch. And no, you don't have to use vlans for this to work.
Let me throw in a disclaimer that it's been over a decade since I played network manager on a good-sized network that had this kind of gear, so things have changed a bit since then. Hopefully, some of the cracks have been sealed.
Dave