Am Sonntag, 13. Oktober 2019 schrieb Dr. Nikolaus Klepp: > There is some misunderstanding: The ARP package has nothing to do > with DNS.
That's what I've been thinking and why I asked. > It basicly links MAC to IP - and you can do funny things > with it. Okay, I still can't seem to connect the dots… > tcpdump just makes the name resolution for you, use "tcpdump > -n" to go without it. e.g.: > > # tcpdump -n > 10:28:14.675930 ARP, Request who-has 192.168.1.190 tell 192.168.1.1, > length 28 10:28:14.675980 ARP, Reply 192.168.1.190 is-at > 00:1b:77:53:6c:43, length 28 Alright. What attracts my attention is, that here length is 28 just like the ARP message format is explained on the site you recommended where it is 46 on my machine: $ sudo tcpdump -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes 10:34:53.070420 ARP, Request who-has 91.65.142.159 tell 91.65.142.254, length 46 10:34:53.071792 ARP, Request who-has 90.187.99.84 tell 90.187.99.86, length 46 Is this relevant in any way related to exaggerated ARP requests? > arp cache should only have as many entries as ather mac adresses are > active in your part of the lan. If you are alone on your router, then > it's just you routers mac in the cache. This seems to be the case (see OP). Thank you, Nik. Stefan _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng