download

Network Configuration—BasicsThere may be cases where you need to disable the ARP discovery on your network(for example. to prevent ARP poisoning attack) and you should manually updatethe ARP database. In this case, you can use the arp –s command to add static ARPentries to ARP table. The following is an example of adding a static entry to theARP table:# arp -s 172.21.0.50 00:04:aa:bb:cc:ddThe static entries are marked with the permanent tag, which means the entries willnot be expired and automatically removed. To verify the result, you should check theARP database:# arp -an? (172.21.0.13) at 00:10:db:58:4d:49 on bge1 [ethernet]? (172.21.0.1) at 00:11:0a:9c:fe:c5 on bge1 [ethernet]? (172.21.0.50) at 00:04:aa:bb:cc:dd on bge1 permanent [ethernet]A static ARP entry can also be "published", which means that the host will act as anARP server and answer ARP queries for the address you specify, even if the addressdoes not belong to the host. Basically, this is the ARP proxy behavior and the hostcan selectively perform as an ARP proxy for specific addresses:# arp -s 172.21.0.50 00:04:aa:bb:cc:dd pubThe arp(8) utility can be used to selectively respond to ARP requests forpublished ARP entries. However, if you want your host to act as an ARPProxy for all addresses, you should set the net.link.ether.inet.proxyall sysctl variable to one.TcpdumpThe tcpdump(1) utility is an advanced network troubleshooting tool that isintegrated into the FreeBSD's base system. It uses the libpcap library to listen ona specific network interface and sniffs for all packets that are passing through thenetwork interface. If the network interface is in promiscuous mode, the tcpdump willreceive any traffic that is passing from the network adapter, regardless of its sourceor the destination address.The output of tcpdump can be simply printed on stdout (in different levels ofverbosity) in real-time or can be saved in a file for later analysis.[ 126 ]