How to broadcast ARP update to all neighbors in Linux?

Question

Some clients in the subnet has cached the IP with old MAC address, I want them to update the new value by doing a ARP broadcast, is it possible in Linux?

score 32 · Accepted Answer · answered Aug 29 '10 at 09:24

Yes, it's called "Unsolicited ARP" or "Gratuitous ARP". Check the manpage for arping for more details, but the syntax looks something like this:

arping -U 192.168.1.101

If you're spoofing an address, you may need to run this first:

echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

Finally, because of its spoofing ability, sending Unsolicited ARP packets is sometimes considered a "hostile" activity, and may be ignored, or might lead to being blocked by some third-party firewalls.

score 10 · Answer 2 · edited Mar 26 '21 at 10:52

What you are looking for is called "Gratuitous ARP" and can be done using "arping". If your IP address is 10.0.0.1 on eth0, you would use this command:

arping -A -i eth0 10.0.0.1

You can verify the ARP is being sent using "tcpdump" while the "arping" is running, in this case I am watching "wlan0":

laptop:~$ sudo tcpdump -lni wlan0 arp    
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:14:11.219936 ARP, Reply 172.16.42.161 is-at a4:77:03:d2:9b:c4, length 28
12:14:12.220119 ARP, Reply 172.16.42.161 is-at a4:77:03:d2:9b:c4, length 28
12:14:13.220288 ARP, Reply 172.16.42.161 is-at a4:77:03:d2:9b:c4, length 28
12:14:13.220397 ARP, Reply 172.16.42.161 is-at a4:77:03:d2:9b:c4, length 28
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
laptop:~$

score 4 · Answer 3 · answered Oct 27 '21 at 13:33

What you need is a gratuitous ARP request. As told by Sebastian Wiesinger on NetworkEngineering the packet has the following characteristics:

Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff)
it's an ARP request, not a reply

Therefore to send a gratuitous arp request for my virtual (additional) ip 192.168.178.55 was:

arping -i ens192 -U -S 192.168.178.55 192.168.178.55

The "-U" creates an unsolicited arp request. The "-S <ip>" assures, that the ip address is set as source. The final "<ip>" contains the ip address we ask for (without expecting an answer).

score -2 · Answer 4 · answered Aug 29 '10 at 09:08

It is not necessary. As in: when you changed the IP, the computer should have done so automatically. If the clietns are hardcoded, a broadcast will not change the hadcoded override.

I do IT for about 20 years now, and in all this time I have NEVER (!) had this happen without faulty equipment.

How to broadcast ARP update to all neighbors in Linux?

4 Answers4

Linked