[buug] arp

[Michael Paoli]

Quoting John de la Garza:

> I have a webserver that is say ip addr: 1.  I make change it to be 2,  
> then make a new box (different nic) to be ip addr of 1.  Now things  
> behave odd... I just learned that things like this get cached.
> 
> Is there a way I can erase the entire arp cache and let it get  
> rebuilt?  or must I do it case by case  with arp -d?

One can generally check/alter the arp cache data via the arp command. 
Typically arp data will effectively fix itself (older data timing out) 
within several minutes.  If the problem(s)/issue(s) are lasting longer  
than that, you likely have something else going on.  /etc/ethers can be 
used for persistent Ethernet MAC <--> IP mapping (and thwarting arp cache
poisoning) ... but that's typically not used in most environments.  If  
you've still got persistent issues, you may want to poke around with 
tcpdump or the like, a bit more, to see what's actually going on on the 
network.  With suitable options to tcpdump, one will get to see the arp 
request and reply packets (or note the lack thereof) and the 
Ethernet MAC addresses (link level headers).  That should be enough to 
relatively quickly isolate if one has a Ethernet MAC address and/or arp 
or related issue/problem.