First of all, do two comparative test:
root@firewall root]# arp -a
? (192.168.100.83) at 00:15:58:A2:13: D0 [ether] on eth0
? (192.168.100.81) at 00:15:C5:E1:D1:58 [ether] on eth0
[root@firewall bin]# arp -s 192.168.100.81 00:15:C5:E1:D1:58
[root@firewall bin]# arp -a
? (192.168.100.83) at 00:15:58:A2:13: D0 [ether] on eth0
? (192.168.100.81) at 00:15:C5:E1: D1:58 [ether] PERM on eth0
I found no? More than a PERM!
或者
[root@firewall bin]# cat /proc/net/arp
IP address HWtype Flags HWaddress Mask Device
192.168.100.83 0x1 0x2 00:15:58:A2:13:D0 * eth0
192.168.100.81 0x1 0x6 00:15:C5:E1:D1:58 * eth0
[root@firewall bin]# arp -s 192.168.100.83 00:15:58:A2:13:D0
[root@firewall bin]# cat /proc/net/arp
IP address HW type Flags HW address Mask Device
192.168.100.83 0x1 0x6 00:15:58:A2:13:D0 * eth0
192.168.100.81 0x1 0x6 00:15:C5:E1: D1:58 * eth0
I found no? Flags changed!
So we can find arp static binding address in two ways:
#arp -a | grep PERM or
#cat /proc/net/arp | grep 0x6
But I would suggest that the latter is faster.
The use of static ARP control
We know, ARP (Address Resolution Protocol, Address Resolution Protocol) is used as the underlying protocol for IP addresses to physical addresses. In Ethernet, all access to the IP eventually translated into access to the network card MAC address.
Just imagine, if the host A's ARP table, the host B IP address and MAC address is incorrect, sent to B from A packet will be sent to the wrong MAC address, of course, can not successfully reach B, the result is A and B can not communicate. Linux can be controlled by converting ARP arp command, i.e., the conversion IP to MAC. Thus, the user can use the MAC address matching function. Here we take a look at the usage arp command.
Enter arp all ARP will show the current conversion record, like this:
Address hwtype HWAddress Flags Mask Iface
www.baidu.com ether 00: 06: 29: 57: 16: F5 C eth0
218.200.80.177 ether 00: 01: 30: F4 : 32: 40 C eth1
192.168.100.25 ether 00: 02: 1E: Fl: 92: C2 C eth0
thus be seen that the current system reserved IP address and MAC address corresponding to one, and indicates the type of hardware (hwtype) and the interfaces used for communication (Iface). But these are dynamically generated, without manual intervention. We need to do exactly this process is manual intervention.
Another important feature we need to use the arp command, is to manually change the correspondence. In addition, the command can also read the text file ARP records, which is the default file / etc / ethers. In other words, when the input ARP-f, the system will read the / etc / ethers file, and is one of the project to replace the current system of ARP record. Suppose / etc / ethers file reads as follows:
192.168.100.25 00: 02: 01: 50
: BB: 53 then execute the command arp -f
At this time, we view the system ARP table, you will find both the original and the MAC address 192.168.100.25 what is new will be replaced by:
www.baidu.com ether 00: 06: 29: 57: 16: F5 C eth0
218.200 ether 00 .80.177: 01: 30: the F4: 32: 40 C eth1
192.168.100.25 ether 00: 02: 01: 50: BB: 53 is C eth0
in this case, the machine destined data packet by the destination MAC address of 192.168.100.25 the original 00: 02: 1E: F1: 92: C2 changed to 00: 02: 01: 50: BB: 53 obviously, if the MAC address is 192.168.100.25 where the card is not 00: 02: 01: 50: BB: 53 , packets can not reach the correct destination, then they will not communicate, so achieving the goal of identifying unauthorized users.
Of course, a method of controlling a MAC address more than that, for example, using the user interface management function to identify the switch. According to the principle of the switch, which is directly transmit data to the corresponding port, then you must maintain a database that contains all the MAC addresses connected to the port card, shows that the theoretical control MAC address used by each port is feasible . Most high-end switches such as 3Com SuperStack series, have this capability. Specific operations related switch models, do not repeat them here.
Finally, a reminder, MAC address control is not foolproof. As this world there is no absolute untied password as the so-called security is relative to a particular environment. Now, many cards support MAC address changes to the software, Linux and Windows itself has a way to modify the physical address. However, due to the relative stability in this way, eliminating the cumbersome client settings, completely transparent to users, but also has a strong operational, so in a way that is safe.
Linux Arp command to display and modify the ARP (ARP) used "to the IP physical" address conversion table.
the ARP -s the inet_addr eth_addr [of if_addr]
the ARP -d the inet_addr [of if_addr]
the ARP -a [the inet_addr] [-N of if_addr] [-v]
-g Same as -a.
-v Displays current ARP entries in verbose mode. All invalid entries and entries on the loopback interface will be displayed.
inet_addr designated Internet address (IP address).
-N if_addr display network interface ARP entries if_addr specified.
-d delete inet_addr specified host. inet_addr may be the wildcard * to delete all hosts.
-s Add Host and Internet address and physical address eth_addr inet_addr associated. Physical addresses are separated by a hyphen 6 hexadecimal bytes. This is permanent.
eth_addr specified physical address.
if_addr If present, this address translation table should be modified to specify the Internet address of the interface. If not, the first applicable interface is used.
Add a static entry. This is useful, especially in a LAN arp virus after
# arp -s 123.253.68.209 00: 19: 56: 6F: 87: D2
# arp -a .... Displays the ARP table.
the root @ Ubuntu: / VI # / etc / by ethers
211.144.68.254 00: 12 is: D9: 32: the BF: 44 is
then written to the following command like
arp -f / etc / ethers
order to ensure the re-starting after the binding is still valid, you need to write the above command / etc / ethers
if not found in the ARP table" target IP address "ARP table entry is ARP broadcast packet to LAN transmission ( "Destination MAC address field" == FF: FF: FF: FF: FF: FF), the local machine will target ARP reply packet (including the MAC address of the target machine)