Stuart Levy (email@example.com)
Fri, 8 Jul 88 16:55:08 CDT
It's probably trying to tell the world that it itself (its own IP address)
is at its own Ethernet address... just in case they forgot or otherwise
got confused. It could also be checking for impostors on the same net,
claiming to be the same IP address as its own.
ARP request packets don't just list the requested IP address;
they also include the requestor's IP and link-layer (e.g. Ethernet) address.
A feature of the algorithm in RFC 826 is that, on receiving an ARP request,
you check whether the -sender's- IP address is in the local ARP table. If so,
update the table to associate [sender-IP-address, sender-link-layer-address].
(And, of course, also check whether to respond to the ARP request, but that's
This makes it possible to change a host's link-layer address
and notify the world of the fact just by broadcasting any ARP request.
Anyone who thought they knew what the address was will automatically
update their tables.
(Of course it also makes it possible for any bozo who can generate a
bogus ARP packet to cut you off from the world. This might be a rationale
for sending ARPs periodically, though 5 second intervals seem pretty extreme.)
Further, ARPing for your own IP address should bring a response from anyone
who thinks they're at that address too. BSD systems print
"duplicate IP address!!" messages when they detect this situation.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:42:50 GMT