Wireshark Gratuitous ARP

Question

I'm playing around with scapy and wireshark and I have sent a packet to a destination that does not exist (10.0.2.14). Wireshark shows an ARP attempt to resolve the address but as its not there the ICMP packet sends to 10.0.2.14 anyway (what happens here? is it forwarded to the gateway and left for the gateway to discard after the TTL runs out?) The final packet has a description of Gratuitous ARP for 10.0.2.2 (source IP). I do not understand what gratuitous ARP is trying to do.

I think that Gratuitous ARP is when the host cant resolve an IP, then it just takes one that fits the network range. A Gratuitous ARP packet(s) will arrive after some time. I think this is DHCP steared. — Daniel, Sep 06 '13 at 12:25
Read this aswell... http://answers.yahoo.com/question/index?qid=20090526233447AAiArSy — Daniel, Sep 06 '13 at 12:26
also.. i would recormend that you watch http://www.securitytube.net/video/1835 — Daniel, Sep 06 '13 at 12:28
want me to put down an answer so we can get it closed in a good mannor? — Daniel, Sep 06 '13 at 13:29

score 1 · Accepted Answer · answered Sep 06 '13 at 13:47

A gratuitous ARP is basically an ARP response that never had a request for it and is how most ARP spoofing programs work.

Normally you send an ARP request and wait for the ARP response. A gratuitous ARP is when you just send your details even though there was no request. These can happen legitimately when say your IP or MAC address change so you can update the ARP tables of other hosts.

When you send an ARP request to 10.0.2.14 and receive no response you're basically saying "oh well I didn't get a response so here are my details for you to get in touch with me" and sending the gratuitous ARP.

Also you should read my comments from before, those contains a lot more detailed information if you are interested, but i dont care who will get the answer :-) Just that this questio+n will get closed that all i care for :) — Daniel, Sep 06 '13 at 14:17

Wireshark Gratuitous ARP

1 Answers1

Linked