{"id":264,"date":"2012-03-06T13:27:28","date_gmt":"2012-03-06T12:27:28","guid":{"rendered":"http:\/\/blog.jeremm.fr\/?p=264"},"modified":"2014-09-24T21:44:46","modified_gmt":"2014-09-24T19:44:46","slug":"arp-actualisation-du-cache-routeur-gratuitousunsolicited-arp-reply","status":"publish","type":"post","link":"https:\/\/blog.jeremm.fr\/?p=264","title":{"rendered":"Arp, actualisation du cache routeur (gratuitous \/ unsolicited ARP reply)"},"content":{"rendered":"

Si votre routeur a un cache arp trop long, il est possible d’envoyer une trame ARP en broadcast ou ciblant directement le routeur o\u00f9 on d\u00e9clare une IP et la MAC correspondante, et ainsi rafra\u00eechir le cache.<\/p>\n

Un inconv\u00e9nient, la plupart des \u00e9quipements r\u00e9seau s\u00e9curise leur cache ARP pour \u00e9viter du ARP spoofing. Ils refusent les paquets de r\u00e9ponse ARP qui ne correspondent pas \u00e0 une demande.<\/p>\n

Un petit script pour envoyer ces paquets automatiquement en r\u00e9cup\u00e9rant les adresses d\u00e9finis et la passerelle du syst\u00e8me :<\/p>\n

#!\/bin\/bash\r\n\r\nTEST_IP=8.8.8.8\r\nif [ ! -x \/sbin\/ip ] ; then\r\n        apt-get install iproute -y\r\nfi\r\nif [ ! -x \/bin\/grep ] ; then\r\n        apt-get install grep -y\r\nfi\r\n\r\nGW=`\/sbin\/ip route list | \/bin\/grep default | \/usr\/bin\/awk '{print $3}'`\r\nDEV=`\/sbin\/ip route list | \/bin\/grep default | \/usr\/bin\/awk '{print $5}'`\r\n\r\nif [ ! -x \/usr\/sbin\/arping ] ; then\r\n        apt-get install arping -y\r\nfi\r\n\r\nif [ ! -x \/usr\/bin\/fping ] ; then\r\n        apt-get install fping -y\r\nfi\r\n\r\nfor ip in `\/sbin\/ip address list $DEV | \/bin\/grep \"inet \" | \/usr\/bin\/awk '{print $2}' | \/usr\/bin\/cut -d'\/' -f1` ; do\r\n        if [ `\/usr\/bin\/fping -S $ip -c 1 $TEST_IP 2>&1 | \/bin\/grep \"0% loss\" | \/usr\/bin\/wc -l` -eq 0 ] ; then\r\n                echo \"ARPING from $ip\"\r\n                \/usr\/sbin\/arping -S $ip -c 1 -w 2 -i $DEV $GW &> \/dev\/null\r\n        fi\r\ndone\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Si votre routeur a un cache arp trop long, il est possible d’envoyer une trame ARP en broadcast ou ciblant directement le routeur o\u00f9 on d\u00e9clare une IP et la MAC correspondante, et ainsi rafra\u00eechir le cache. Un inconv\u00e9nient, la plupart des \u00e9quipements r\u00e9seau s\u00e9curise leur cache ARP pour \u00e9viter du ARP spoofing. Ils refusent […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,4],"tags":[42],"_links":{"self":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/264"}],"collection":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=264"}],"version-history":[{"count":19,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/264\/revisions"}],"predecessor-version":[{"id":907,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=\/wp\/v2\/posts\/264\/revisions\/907"}],"wp:attachment":[{"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jeremm.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}