2
I'm seeing some weird behavior, and was hoping someone could explain to me why this is happening:
I have a linux box with two physical interfaces:
arnout@arnout-VirtualBox ~ $ ifconfig eth0 Link encap:Ethernet HWaddr 08:00:27:46:ee:f0 inet addr:10.0.20.58 Bcast:10.0.23.255 Mask:255.255.252.0 inet6 addr: fe80::a00:27ff:fe46:eef0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5942438 errors:0 dropped:1 overruns:0 frame:0 TX packets:2012142 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3291019944 (3.2 GB) TX bytes:343769813 (343.7 MB) eth1 Link encap:Ethernet HWaddr 08:00:27:64:eb:76 inet addr:1.1.1.1 Bcast:1.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe64:eb76/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:651 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:169802 (169.8 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1107 errors:0 dropped:0 overruns:0 frame:0 TX packets:1107 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:92180 (92.1 KB) TX bytes:92180 (92.1 KB) arnout@arnout-VirtualBox ~ $ uname -a Linux arnout-VirtualBox 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux
If I ping 1.1.1.2, not having this address in the ARP cache (since it does not exist), I can see a normal ARP packet:
"Who has 1.1.1.2, Tell 1.1.1.1"
However, when I ping using the source address of the eth0 (ping 1.1.1.1 -I 10.0.20.58), this IP actually gets put into the ARP request IP!
"Who has 1.1.1.2, Tell 10.0.20.58"
To me, this does not make sense at all. Also, host 1.1.1.2 (if it were to exist) could learn that 10.0.20.58 has the MAC address of 1.1.1.1, which is wrong. (probably not too much bad will happen)
If anybody knows why Linux is doing this, please share:)
@Arnout long shot, but did you ever figure this out? I wanted to understand why Linux does this, but I have different thoughts: you're running
ping 1.1.1.1 -I 10.0.20.58
and you saidI expect it send out "Tell 1.1.1.1"
in your last comment. But I'd actually expect it to send the ping request directly toeth0
's default gateway, right? – Alaa Ali – 2016-09-13T15:32:38.687@Ali, an ARP request is a broadcast, so it is sent to everyone, including the default gateway. And I do mean "Tell 1.1.1.1", since that is the IP address reachable on that interface. (+ I did not figure this out yet why linux does this though) – Arnout – 2016-09-16T13:09:35.023
1Well, what did you expect? More to the point, why did you use the
-I
option to set a source address that’s inappropriate for the query? – Scott – 2013-09-11T16:51:34.523Also, I had to read the middle part of the question twice to figure out that, when you said “the second interface,” you meant
eth0
. – Scott – 2013-09-11T16:52:02.603-I does not make it inappropriate for the query. You can ping from ANY source address. It's in the lower layer, that the problem occurs. I expect it send out "Tell 1.1.1.1", regardless of the source IP of the upper layer. – Arnout – 2013-09-12T08:15:20.930