2

We have a product that runs Windows XP Embedded SP1. We configure a fake (does not exist) MAC address for a fake IP in the ARP table. When there is a communication happening, Windows sends packets to the fake MAC and fakeIP and later we change it to real ones in a driver. This is how the software is designed.

The problem is that sometimes Windows starts sending ARP requests for the fake IP even though it has an entry for it in the ARP table. I had no clue why this was happening and, in blind attempt to reproduce the issue, I wrote a script to delete ARP entry then add it again after some seconds. After some attempts, I saw the problem happening.

Any ideas about what should I check/change?

kbulgrien
  • 4,384
  • 2
  • 26
  • 43
Ratnesh Maurya
  • 706
  • 3
  • 10
  • Are you sure you're adding a **static** ARP cache entry? See this link: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/arp.mspx?mfr=true – James May 04 '11 at 09:57
  • Yes I am adding static ARP entry but using Iphlpapi (MIB_IPNETROW and SetIpNetEntry). Also i am able to see that ARP entry exist using arp -a even then windows is send ARP requests. – Ratnesh Maurya May 05 '11 at 10:01
  • I've also seen excessive arping from windows boxes. – Tim Williscroft Jun 06 '11 at 01:14

1 Answers1

0

Can you Check the Ethernet Frame MAC Addresses in both cases, in the case where there is an entry and when there is no entry in the arp cache. Additionally, Check your code, I think you will find some reference to the FAKE IP address inside your code (that you might have forgot to change) There are many application layer protocols that require the use of ARP prior to their commmunication, So I think maybe you're using one of these protocols in your code and you instruct the code to communicate with the fake IP address, that's why when you invoke this protocol it uses arp to find the mac address of the fake IP. Let me know if this answers your question.

syspah
  • 1