If you’ve ever changed the IP of a computer host – or set up a new computer with the IP of an old computer – you’ve probably noticed that the host has no network connectivity for a short time. While frustrating, this is by no means an unsolvable mystery. What’s happening is that a gateway network device – such as a firewall, router or switch – has cached the old MAC address (Ethernet hardware address) associated with the host’s IP address. This cache entry will persist on the network device until one of two things happens:
- The ARP (address resolution protocol) cache on the gateway network device expires.
- You manually clear the ARP cache on the gateway network device.
Normally the ARP cache can be cleared on network devices using commands like arp -d on Unix, or clear arp cache on Cisco IOS & CatOS. However, on devices for which you do not have administrative access, it may not be possible to clear the ARP cache using these methods. If that’s the case, below I’ll show you a way to force a remote network device to clear its ARP cache entry for a host’s IP address.
Here’s an outline of the steps we’ll take:
- Install arping (portable version or FreeBSD Ports).
- Use arping to send an ARP request to the IP address of the remote network device.
In this example (Example 1) the default gateway for my network is 10.10.1.1 – this is the device whose ARP cache we’re going to clear. The IP address of my new computer is 10.10.1.2, the MAC address of my old computer was 00:1a, and the MAC address of my new computer is 00:1b (neither MAC is important, they’re just here for reference).
First, I’ll show you my routing table:
```
playpig$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.10.1.1          UGS         0        0   fxp0
10.10.1.0          ff:ff:ff:ff:ff:ff  UHLWb       0        3   fxp0 =>
10.10.1/24         link#1             UC          0        0   fxp0
10.10.1.1          00:13:60:b8:f3:7f  UHLW        0        3   fxp0   1164
10.10.1.2          00:02:55:54:00:1b  UHLW        0        3    lo0
```
Example 1, Output I: My routing table.
Here’s my first attempt at getting out to the Internet after reassigning my IP address. I’m trying to ping yahoo.com, which fails.
```
playpig$ ping -c 1 yahoo.com
PING yahoo.com (22.214.171.124): 56 data bytes

--- yahoo.com ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
```
Example 1, Output II: First ping attempt.
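Now I’m going to arping my gateway. This will cause my gateway to flush the stale ARP cache entry for my IP address: the ARP request carries my IP and my new MAC address in its sender fields, and a device that already holds an entry for that IP overwrites it when the request arrives. The flags I’m using are -c 1: send one arping, and -S 10.10.1.2: set my source IP to 10.10.1.2 (this is optional but could be useful for a host with multiple aliased IPs, such as eth0:1, eth0:2, etc.).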
```
playpig$ arping -c 1 -S 10.10.1.2 10.10.1.1
ARPING 10.10.1.1
60 bytes from 00:13:60:b8:f3:7f (10.10.1.1): index=0 time=13.884 msec

--- 10.10.1.1 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered
```
Example 1, Output III: Using arping to clear the arp cache on my gateway.
This is my second attempt at getting out to the Internet by pinging yahoo.com. This was a success.
```
playpig$ ping -c 1 yahoo.com
PING yahoo.com (126.96.36.199): 56 data bytes
64 bytes from 188.8.131.52: icmp_seq=0 ttl=55 time=83.822 ms

--- yahoo.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 83.822/83.822/83.822/0.000 ms
```
Example 1, Output IV: Second ping attempt.
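Why the single ARP request in Output III is enough, as an added example that is not part of the original post: it builds the request frame that arping puts on the wire and applies the RFC 826 receive rule to a simulated gateway cache. The function names are hypothetical and the old MAC is a constructed placeholder, since the post only gives its last two octets.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet II frame carrying an ARP request (who-has target_ip)."""
    eth = mac_to_bytes(BROADCAST) + mac_to_bytes(sender_mac) + struct.pack("!H", 0x0806)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += bytes(6) + ip_to_bytes(target_ip)  # target MAC is unknown: zeros
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) from an Ethernet/ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an ARP frame")
    op = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    target_ip = ".".join(str(b) for b in frame[38:42])
    return op, sender_mac, sender_ip, target_ip

def receive(cache, own_ip, frame):
    """RFC 826 receive rule: refresh a known sender; learn a new one only if addressed."""
    _, sender_mac, sender_ip, target_ip = parse_arp(frame)
    if sender_ip in cache or target_ip == own_ip:
        cache[sender_ip] = sender_mac
    return cache

OLD_MAC = "02:00:00:00:00:1a"  # constructed placeholder for the old computer
NEW_MAC = "00:02:55:54:00:1b"  # new computer's MAC, from the routing table above

def demo():
    gateway_cache = {"10.10.1.2": OLD_MAC}  # stale entry held by 10.10.1.1
    frame = build_arp_request(NEW_MAC, "10.10.1.2", "10.10.1.1")
    return receive(gateway_cache, "10.10.1.1", frame)

if __name__ == "__main__":
    print(demo())
```

Because the gateway accepts the sender fields without authenticating them, switches that enforce Dynamic ARP Inspection may drop a request whose IP/MAC pair does not match their binding table, in which case the entry has to expire or be cleared by an administrator.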