Just to note that even if you can't upload images directly, imgur would be a lot easier for folk to embed the images than imageshack - for one thing you can just post a direct link to the image – Journeyman Geek – 2012-09-21T09:51:41.060

thanks it says i need 10pts to be able to upload image, but for that reason i will try imgur from now on – Sara – 2012-09-21T09:59:36.770

Correlation doe not imply causation. Obviously, the echo reply is sent before the ARP request, so it's not required for the PING reply. Your operating system may just decide to give the old ARP table a little refresh after having sent the echo reply. Besides that, I would assume that you only rely on information you've determined yourself when implementing a TCP/IP stack. The risk of someone injecting information through specially crafted packets is too high. So you rather resolve MAC-to-IP yourself than use the data you got from previous packets. – Der Hochstapler – 2012-09-21T10:14:58.753

This looks as some form of gratuitous ARP. What's target mac in the 5th request? @OliverSalzburg Receiving node must honor information received in ARP packet and insert it into its own table, as specified in RFC 826: http://tools.ietf.org/html/rfc826

@wmz, well in the 5th request the target mac is unknown (ff:ff:ff:ff:ff:ff) and ip is set for host-1. I have tested it many times but this is how it is, also if i block the last arp req/reply (as i am doing this through an openflow controller), the ping works however arp command yilds valid mac for host-2 inside host-1 machine, while shows it unknown mac for host/1 ip when run at host/2 machine. Because it was my understanding that only single arp req/reply should make both systems aware of each other, so i wanted to know if this is a bug or it really could happen as a normal behavior. Thanks – Sara – 2012-09-21T13:49:08.713