Linux provides two very useful tools for diagnosing network troubles: arp and ip neigh.
The arp command is a tool that allows you to display the IP-address-to-MAC-address mappings that a system has built so that it doesn't have to fetch the same information repeatedly for systems it communicates with. In doing this, arp allows you to discover and display details about systems on your network.
The other is the arp command's younger brother, ip neigh, which can also display and manipulate arp tables. In this post, we'll take a look at how these commands work and what they can tell you.
[ Also see reviews of network-monitoring software from Icinga, Observium, Nagios and
Using arp cisco cucm
To display the ARP table on a Linux system, just type "arp". Add -a to condense the output if you don't want to see the data organized into columns with headings. (An arp-a command also will show the arp table in the command prompt on a Windows box, by the way.)
Here's an example of the arp command and what it shows you:
$ arp
Address HWtype HWaddress Flags Mask Iface
fruitfly ether 7c:67:a2:cf:9f:ef CM enp0s25
Comtrend.Home ether f8:8e:85:35:7f:b9 C enp0s25
dragonfly ether 20:ea:16:01:55:eb C enp0s25
SAMSUNG-SM-G935A (incomplete) enp0s25
V40-ThinQ ether 02:0f:b5:0d:17:27 C enp0s25
DESKTOP-UDLCLKR ether 04:ed:33:7c:44:c6 C enp0s25
192.168.0.8 (incomplete) enp0s25
katydid ether 00:25:00:4e:9e:35 C enp0s25
V40-ThinQ ether 38:30:f9:29:f8:a4 C enp0s25
butterfly ether 44:65:0d:43:ed:44 C enp0s25
The first line contains the column headings. The first column shows IP addresses or host names. The second (HWtype) indicates that the connections are Ethernet connections, and the third (HWaddress) is the MAC address of each device.
In this example, all but one connection are marked C, which means "complete" and verifies the connection was successful. One of the two devices that don't show a C in this example is a cell phone. The other is a system that is offline.
The last column, Iface, means "interface" and represents the port on the system through which all of the connections are being made. Some systems, especially servers, might have multiple network interfaces. In that case, you can select a particular interface by adding a -i and the interface name (e.g., arp -ai eth0).
$ arp -a
Address HWtype HWaddress Flags Mask Iface
192.168.0.33 ether 7c:67:a2:cf:9f:ef CM enp0s25
192.168.0.1 ether f8:8e:85:35:7f:b9 C enp0s25
192.168.0.7 ether 20:ea:16:01:55:eb C enp0s25
192.168.0.23 (incomplete) enp0s25
192.168.0.20 ether 02:0f:b5:0d:17:27 C enp0s25
192.168.0.14 ether 04:ed:33:7c:44:c6 C enp0s25
192.168.0.8 (incomplete) enp0s25
192.168.0.17 ether 00:25:00:4e:9e:35 C enp0s25
192.168.0.15 ether 38:30:f9:29:f8:a4 C enp0s25
192.168.0.13 ether 44:65:0d:43:ed:44 C enp0s25
The Flags column may show:
No comments:
Post a Comment