Can't figure out how this is working

UNIX for Advanced & Expert Users
1

I have two machines, each with a virtual interface, with the following configurations:

Machine1:

eth2      Link encap:Ethernet  HWaddr 00:09:6B:19:E5:05
          inet addr:172.16.0.201  Bcast:172.16.0.255  Mask:255.255.255.0
eth2:0    Link encap:Ethernet  HWaddr 00:09:6B:19:E5:05
          inet addr:192.168.131.1  Bcast:172.16.0.255   Mask:255.255.255.0

Please note the broadcast address for the virtual interface.

Routing table:
Destination     Gateway         Genmask         Flags   MSS Window  irtt  Iface
192.168.131.0   0.0.0.0         255.255.255.0   U         0 0          0  eth2
172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0  eth2
0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0  eth2

Machine 2:

eth0      Link encap:Ethernet  HWaddr 00:09:6B:6D:BE:D5
          inet addr:172.16.0.202  Bcast:172.16.0.255  Mask:255.255.255.0
eth0:0    Link encap:Ethernet  HWaddr 00:09:6B:6D:BE:D5
          inet addr:192.168.131.15  Bcast:192.168.131.127   Mask:255.255.255.128

Once again, please note the broadcast address for the virtual interface.

Routing table:
Destination     Gateway         Genmask         Flags   MSS Window  irtt  Iface
192.168.131.0   0.0.0.0         255.255.255.128 U         0 0          0  eth0
172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0  eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0  eth0

Arp table on Machine 2 prior to pinging machine 1:
? (172.16.0.201) at 00:09:6b:19:e5:05 [ether] on eth0

And after sending a ping from machine 2 to 192.168.131.1:
? (192.168.131.1) at 00:09:6b:19:e5:05 [ether] on eth0
? (172.16.0.201) at 00:09:6b:19:e5:05 [ether] on eth0

To my understanding, this should not have worked, because Machine 1 should not be listening on Machine 2's broadcast address (you'll note I have picked a non-default broadcast for a Class C address on machine 2). But it seems to work.

Can anyone explain how this is working - i.e. how machine 2 is resolving machine 1's MAC?

---------- Post updated at 04:45 PM ---------- Previous update was at 12:28 AM ----------

Moderators, thank you for putting the post in such a nice format! I apologize for the mess it looked like before... :slight_smile:

For anyone interested, this did get resolved with some help from other forums. Apparently ARP (and DHCP) uses a special type of broadcast called "Limited broadcast" (vs. Direct broadcast) which uses the IP of 255.255.255.255 and a link layer address ff:ff:ff:ff:ff:ff:ff. Limited broadcast does not use the network broadcast IP, rather an IP address with all bits set.

Direct broadcast on the other hand sends packets to all hosts in the broadcast domain of the network using the network broadcast IP. Routers will generally not forward limited broadcast packets, but you can forward direct broadcast packets.