Scroll to navigation

ARPD(8) System Manager's Manual ARPD(8)

NAME

farpd
ARP reply daemon

SYNOPSIS

farpd [-d] [-i interface] [net ...]

DESCRIPTION

farpd replies to any ARP request for an IP address matching the specified destination net with the hardware MAC address of the specified interface, but only after determining if another host already claims it.

Any IP address claimed by farpd is eventually forgotten after a period of inactivity or after a hard timeout, and is relinquished if the real owner shows up.

This enables a single host to claim all unassigned addresses on a LAN for network monitoring or simulation.

farpd exits on an interrupt or termination signal.

Note: The program name farpd has been changed in Debian GNU/Linux from the original name (arpd) to avoid name clash with other ARP daemons.

The options are as follows:

Do not daemonize, and enable verbose debugging messages.
interface
Listen on interface. If unspecified, farpd searches the system interface list for the lowest numbered, configured ``up'' interface (excluding loopback).
net
The IP address or network (specified in CIDR notation) or IP address ranges to claim (e.g. ``10.0.0.3'', ``10.0.0.0/16'' or ``10.0.0.5-10.0.0.15''). If unspecified, farpd will attempt to claim any IP address it sees an ARP request for. Mutiple addresses may be specified.

FILES

/var/run/farpd.pid
 

SEE ALSO

pcapd(8), synackd(8)

BUGS

farpd will respond too slowly to ARP requests for some applications. In order to ensure that it does not claim existing IP addresses it will send two ARP request and wait for a reply. This slowness affects the nmap network scanning tool, and possibly others, which uses by default ARP when scanning local networks. The answers from farpd will come after the tool has timeout waiting for the ARP replies and, consequently, IP addresses claimed by farpd will not be discovered.

Additionally, farpd sends the ARP replies to the broadcast address of the network and not to the host that send the ARP request. Some systems and applications (notably nmap) will not handled these requests and expect directed ARP replies (i.e. targeted specifically to the host that sent the request and not to the network)

AUTHORS

Dug Song ⟨dugsong@monkey.org⟩, Niels Provos ⟨provos@citi.umich.edu⟩
August 4, 2001