Method for detecting proxy ARP replies from devices in a local area network
First Claim
Patent Images
1. In a LAN test instrument for coupling to a LAN, a method for detecting a misconfigured router, comprising:
- (a) building a data base containing entries corresponding to devices on said LAN, each of said entries containing a pair of MAC and IP addresses;
(b) issuing a first network request to said devices on said LAN corresponding to each of said entries, said first network request allowing no forwarding from a local segment of said LAN;
(c) issuing a second network request to said devices on said LAN corresponding to each of said entries, said second network request allowing forwarding from said local segment of said LAN;
(d) if there is no reply to said first network request and there is a reply to said second network request for at least one of said entries, detecting a proxy ARP reply for said one of said entries; and
(e) if said one of said entries has an IP address corresponding to a local host, detecting said misconfigured router.
4 Assignments
0 Petitions
Accused Products
Abstract
A method in a LAN test instrument for detecting proxy ARP agents and misconfigured routers in a TCP/IP LAN is provided. The method first allows for detection of routers running proxy ARP for the default route by issuing a single ARP command for a unique remote host. Because the target IP address chosen as a unique, non-existent device, the router will respond to the ARP request with a proxy ARP reply for its default route if this function is enabled. The method further allows for distinguishing between responses from actual devices having duplicate IP addresses and responses from misconfigured routers replying in proxy ARP for local hosts. The false duplicate IP addresses due to proxy ARP replies may be identified as phantom entries in a data base that can then be appropriately tagged or eliminated to display only the entries that correspond to actual physical devices to the user of the LAN test instrument.
253 Citations
15 Claims
-
1. In a LAN test instrument for coupling to a LAN, a method for detecting a misconfigured router, comprising:
-
(a) building a data base containing entries corresponding to devices on said LAN, each of said entries containing a pair of MAC and IP addresses; (b) issuing a first network request to said devices on said LAN corresponding to each of said entries, said first network request allowing no forwarding from a local segment of said LAN; (c) issuing a second network request to said devices on said LAN corresponding to each of said entries, said second network request allowing forwarding from said local segment of said LAN; (d) if there is no reply to said first network request and there is a reply to said second network request for at least one of said entries, detecting a proxy ARP reply for said one of said entries; and (e) if said one of said entries has an IP address corresponding to a local host, detecting said misconfigured router. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. In a LAN test instrument for coupling to a LAN containing a plurality of devices, a method for building a data base, comprising:
-
(a) issuing active network requests to each of said devices; (b) receiving responses from said devices according to said active network requests and to passive monitoring of said LAN; (c) adding entries to said data base according to each of said responses; (d) issuing a first network request to devices on said LAN corresponding to each of said entries, said first network request allowing no forwarding from a local segment of said LAN; (e) issuing a second network request to devices on said LAN corresponding to each of said entries, said second network request allowing forwarding from said local segment of said LAN; and (f) if there is no reply to said first network request and there is a reply to said second network request for at least one of said entries, detecting said one of said entries to be a phantom entry. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. In a LAN test instrument for coupling to a LAN, a method for detecting a router running proxy ARP for its default route, comprising:
-
(a) issuing an ARP request on said LAN for a remote host having a unique IP address; (b) if said router replies to said ARP request, detecting said proxy ARP; (c) obtaining a MAC address of said router; (d) obtaining an IP address corresponding to said MAC address for said router; (e) saving said MAC address and said IP address for said router as an entry in a data base in said LAN test instrument; and (f) identifying other entries in said data base having said MAC address for said router as phantom replies. - View Dependent Claims (14, 15)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeLinkRunner, LLC (Netscout Systems, Inc. /Handheld Network Test Bus/)
-
Original AssigneeFrank J. Actis, Manfred R. Arndt
-
InventorsArndt, Manfred R., Actis, Frank J.
-
Primary Examiner(s)Chin, Wellington
-
Assistant Examiner(s)VU, HUY DUY
-
Application NumberUS08/756,994Time in Patent Office412 DaysField of Search370/254, 370/255, 370/257, 370/258, 370/351, 370/389, 370/392, 370/400, 370/401, 370/402, 370/403, 370/404, 370/405, 370/406, 370/407, 370/408, 370/409, 370/410, 370/256, 370/522, 370/241, 370/242, 370/245, 370/243, 370/252, 370/475, 370/244, 370/247, 370/246, 370/250, 340/825.06, 340/825.07, 340/825.08, 340/825.52, 340/825.53, 340/825.54, 395/200.16, 395/410, 395/413, 395/416, 395/421.11US Class Current370/242CPC Class CodesH04L 61/00 Network arrangements, proto...H04L 61/10 of different typesH04L 61/59 using proxies for addressing
