Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
John_Fleming
Advisor

arp sweep on demand

So I've seen how on a clusterxl interface failure checkpoint will begin spamming arp requests for everything in the local network. Is there a way to get checkpoint to do this on demand without a clusterxl event? I know about arping but I'm looking for something I don't have to setup a loop to do.

0 Kudos
Reply
5 Replies
Timothy_Hall
Champion
Champion

Gaia 3.10 has hping2 built-in, so if you wanted to spam ARP requests for network 192.168.1.0/24 on interface eth1 just do this:

 hping2 --fast --icmp -I eth1 192.168.1.x --rand-dest

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
John_Fleming
Advisor

Correct me if i'm wrong, but this does require outbound traffic from the firewall to be allowed correct?

Might work. I'll give it a try.

0 Kudos
Reply
John_Fleming
Advisor

Warning: when this option is enabled hping can't detect the right outgoing interface for the packets, so you should use the --interface option to select the desired outgoing interface.

Not very elegant. Was hoping for a bla/cidr notation worst case.

0 Kudos
Reply
Timothy_Hall
Champion
Champion

Yes, hping2 generated traffic will go through capture points o/O in F2F so it will need to be allowed by policy.  By default packets originating from the gateway are permitted by an implied rule that is positioned "Before Last", so as long as there are not any rules explicitly dropping traffic originating from the gateway and the implied rule setting is left at default it should be allowed.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
John_Fleming
Advisor

yeah outbound isn't allowed even from firewall for certain segments.

0 Kudos
Reply