If you’ve ever changed the IP of a computer – or setup a new computer with the IP of an old computer – you’ve probably noticed that the computer has no network connectivity for a short time. While frustrating, this is by no means a unsolvable mystery. What has happened is that a network device – such as a firewall, router or switch – has cached the old MAC (ethernet hardware) address associated with the IP address. This cache will persist on the network device until one of two things happen:
First, I’ll show you my routing table:
- The arp (address resolution protocol) cache on the remote network device expires
- You manually clear the arp cache on the remote network device
Here’s an outline of the steps we’ll take:
- install arping (portable version or FreeBSD Ports)
- use arping to arping the IP address of the remote network device.
Example 1:
In this example (Example 1) the default gateway for my network is 10.10.1.1 – this is the device who’s arp cache we’re going to clear. The IP address of my new computer is 10.10.1.2, the MAC address of my old computer was 00:1a, and the MAC address of my new computer is 00:1b (neither MAC is important, they’re just here for reference).First, I’ll show you my routing table:
Here’s my first attempt at getting out to the Internet after reassigning my IP address. I’m trying to ping yahoo.com, which fails.playpig$ netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 10.10.1.1 UGS 0 0 fxp0 10.10.1.0 ff:ff:ff:ff:ff:ff UHLWb 0 3 fxp0 => 10.10.1/24 link#1 UC 0 0 fxp0 10.10.1.1 00:13:60:b8:f3:7f UHLW 0 3 fxp0 1164 10.10.1.2 00:02:55:54:00:1b UHLW 0 3 lo0Example 1, Output I: My routing table.
Now I’m going to arping my gateway. This will cause my gateway to flush the arp cache for my IP address. The flags I’m using are -c 1: send one arping, and -S 10.10.1.2: set my source IP to 10.10.1.2 (this is optional but could be useful for a host with multiple alias‘d IPs, such as eth0:1, eth0:2, etc.).playpig$ ping -c 1 yahoo.com PING yahoo.com (216.109.112.135): 56 data bytes --- yahoo.com ping statistics --- 1 packets transmitted, 0 packets received, 100% packet lossExample 1, Output II: First ping attempt.
This is my second attempt at getting out to the Internet by pinging yahoo.com. This was a success.playpig$ arping -c 1 -s 10.10.1.2 10.10.1.1 ARPING 10.10.1.1 60 bytes from 00:13:60:b8:f3:7f (10.10.1.1): index=0 time=13.884 msec --- 10.10.1.1 statistics --- 1 packets transmitted, 1 packets received, 0% unansweredExample 1, Output III: Using arping to clear the arp cache on my gateway.
playpig$ ping -c 1 yahoo.com PING yahoo.com (216.109.112.135): 56 data bytes 64 bytes from 216.109.112.135: icmp_seq=0 ttl=55 time=83.822 ms --- yahoo.com ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 83.822/83.822/83.822/0.000 msExample 1, Output IV: Second ping attempt.
