Bootstrap

linux局域网IP地址冲突检测

使用keepalived设置vip的时候,发现vip无法连接,经查是出现了ip地址冲突,使用了一个在用的ip作为了vip,但是这个ip其实ping不通,因为目标机禁用了ping,也即是丢弃了ICMP包。

一、那么怎么检测IP地址是否已经被占用呢?

1、ping

如果ip未占用,ping的返回如下:

ping 10.10.10.225
PING 10.10.10.225 (10.10.10.225) 56(84) bytes of data.
From 10.10.10.125 icmp_seq=1 Destination Host Unreachable
From 10.10.10.125 icmp_seq=2 Destination Host Unreachable
From 10.10.10.125 icmp_seq=3 Destination Host Unreachable
From 10.10.10.125 icmp_seq=4 Destination Host Unreachable

如果ip地址被占用,但对方禁用了ping包:

ping 10.10.10.215
PING 10.10.10.215 (10.10.10.215) 56(84) bytes of data.
^C
--- 10.10.10.215 ping statistics ---
35 packets transmitted, 0 received, 100% packet loss, time 33998ms

2、arping

如果ip地址未被占用,返回:

arping -I eth0 -f 10.10.10.225
ARPING 10.10.10.225 from 10.10.10.125 wlp2s0
^CSent 16 probes (16 broadcast(s))
Received 0 response(s)

如果ip地址被占用,返回:

arping -I eth0 -f 10.10.10.215
ARPING 10.10.10.215 from 10.10.10.125 eth0
Unicast reply from 10.10.10.215 [80:A3:21:36:25:C0]  3.542ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

3、arp-scan

Releases · royhills/arp-scan · GitHub

可以扫描出局域网内所有的ip地址和对应的mac,从中也可以查出局域网内重复的ip地址。

arp-scan -I eth0 10.10.10.0/24          
Interface: eth0, type: EN10MB, MAC: 22:7d:57:e1:2f:6f, IPv4: 10.10.10.125
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
10.10.10.1      03:74:9c:d1:62:65       Ruijie Networks Co.,LTD
10.10.10.2     44:0b:35:e0:e5:70       Xilinx
10.10.10.3     86:a3:b6:2a:5d:cf       (Unknown: locally administered)
10.10.10.4     70:f3:f4:17:b5:34       (Unknown)
10.10.10.5     e1:ca:57:66:74:7b      Apple, Inc.
10.10.10.6     b4:22:e2:6c:6a:5e       Bull Group Co., Ltd
 

二、手动添加新vip

ip addr add 10.10.10.225 dev eth0

删除:

ip addr del 10.10.10.225/32 dev eth0

三、本机arp缓存

查看arp缓存:arp -n | grep $ip
清空arp缓存:arp -d $ip

;