¿Por qué "arp -a" muestra resultados inconsistentes que son muy diferentes?

tag-icon tag-icon arp
¿Por qué "arp -a" muestra resultados inconsistentes que son muy diferentes?

Recientemente configuré una computadora con Ubuntu 18.04 y la conecté al wifi de mi casa. Cuando intento ejecutar arp -ael comando para escanear otros dispositivos conectados a la misma red, veo algunos resultados muy extraños.

Primero, la conexión está bien verificando ifconfig:

john@home:~$ ifconfig 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 246054  bytes 21958490 (21.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 246054  bytes 21958490 (21.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.14  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::e3f:e0a5:2438:a96a  prefixlen 64  scopeid 0x20<link>
        inet6 240d:1a:6a5:c900:1420:b3cc:994b:1b7b  prefixlen 64  scopeid 0x0<global>
        inet6 240d:1a:6a5:c900:74f4:f504:3a41:bc12  prefixlen 64  scopeid 0x0<global>
        ether 04:33:c2:c4:02:a2  txqueuelen 1000  (Ethernet)
        RX packets 2452125  bytes 3302288691 (3.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 964749  bytes 117659686 (117.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Tiene la dirección IP de 192.168.1.14 Luego probé arp -a:

john@home:~$ arp -a 
? (192.168.1.19) at 92:c4:78:3c:46:16 [ether] on wlo1
_gateway (192.168.1.1) at e4:7e:66:1f:bf:4c [ether] on wlo1
? (192.168.1.5) at 26:36:46:f9:69:83 [ether] on wlo1

lo cual tiene sentido porque puedo confirmar que mi iPad tiene la dirección IP de 192.168.1.19y mi teléfono tiene la dirección IP de192.168.1.5

Sin embargo, después de un tiempo ejecuté arp -anuevamente y el resultado me dejó boquiabierto:

john@home:~$ arp -a 
? (192.168.1.206) at <incomplete> on wlo1
? (192.168.1.183) at <incomplete> on wlo1
? (192.168.1.107) at <incomplete> on wlo1
? (192.168.1.8) at <incomplete> on wlo1
? (192.168.1.18) at <incomplete> on wlo1
? (192.168.1.165) at <incomplete> on wlo1
? (192.168.1.186) at <incomplete> on wlo1
? (192.168.1.110) at <incomplete> on wlo1
? (192.168.1.77) at <incomplete> on wlo1
? (192.168.1.33) at <incomplete> on wlo1
? (192.168.1.178) at <incomplete> on wlo1
? (192.168.1.123) at <incomplete> on wlo1
? (192.168.1.112) at <incomplete> on wlo1
? (192.168.1.96) at <incomplete> on wlo1
? (192.168.1.117) at <incomplete> on wlo1
? (192.168.1.74) at <incomplete> on wlo1
? (192.168.1.95) at <incomplete> on wlo1
? (192.168.1.84) at <incomplete> on wlo1
? (192.168.1.41) at <incomplete> on wlo1
? (192.168.1.62) at <incomplete> on wlo1
? (192.168.1.51) at <incomplete> on wlo1
? (192.168.1.8) at <incomplete> on wlo1
? (192.168.1.29) at <incomplete> on wlo1
? (192.168.1.18) at <incomplete> on wlo1
? (192.168.1.231) at <incomplete> on wlo1
? (192.168.1.252) at <incomplete> on wlo1
? (192.168.1.241) at <incomplete> on wlo1
? (192.168.1.198) at <incomplete> on wlo1
? (192.168.1.219) at <incomplete> on wlo1
? (192.168.1.208) at <incomplete> on wlo1
? (192.168.1.165) at <incomplete> on wlo1
? (192.168.1.186) at <incomplete> on wlo1
? (192.168.1.143) at <incomplete> on wlo1
? (192.168.1.132) at <incomplete> on wlo1
? (192.168.1.153) at <incomplete> on wlo1
? (192.168.1.110) at <incomplete> on wlo1
? (192.168.1.99) at <incomplete> on wlo1
? (192.168.1.120) at <incomplete> on wlo1
? (192.168.1.77) at <incomplete> on wlo1
? (192.168.1.66) at <incomplete> on wlo1
? (192.168.1.87) at <incomplete> on wlo1
? (192.168.1.44) at <incomplete> on wlo1
? (192.168.1.33) at <incomplete> on wlo1
? (192.168.1.54) at <incomplete> on wlo1
? (192.168.1.11) at <incomplete> on wlo1
? (192.168.1.21) at <incomplete> on wlo1
? (192.168.1.234) at <incomplete> on wlo1
? (192.168.1.244) at <incomplete> on wlo1
? (192.168.1.201) at <incomplete> on wlo1
? (192.168.1.222) at <incomplete> on wlo1
? (192.168.1.211) at <incomplete> on wlo1
? (192.168.1.168) at <incomplete> on wlo1
? (192.168.1.189) at <incomplete> on wlo1
? (192.168.1.178) at <incomplete> on wlo1
? (192.168.1.135) at <incomplete> on wlo1
? (192.168.1.156) at <incomplete> on wlo1
? (192.168.1.145) at <incomplete> on wlo1
? (192.168.1.102) at <incomplete> on wlo1
? (192.168.1.123) at <incomplete> on wlo1
? (192.168.1.112) at <incomplete> on wlo1
? (192.168.1.69) at <incomplete> on wlo1
? (192.168.1.90) at <incomplete> on wlo1
? (192.168.1.47) at <incomplete> on wlo1
? (192.168.1.36) at <incomplete> on wlo1
? (192.168.1.57) at <incomplete> on wlo1
? (192.168.1.3) at <incomplete> on wlo1
? (192.168.1.24) at <incomplete> on wlo1
? (192.168.1.237) at <incomplete> on wlo1
? (192.168.1.226) at <incomplete> on wlo1
? (192.168.1.247) at <incomplete> on wlo1
? (192.168.1.204) at <incomplete> on wlo1
? (192.168.1.193) at <incomplete> on wlo1
? (192.168.1.214) at <incomplete> on wlo1
? (192.168.1.171) at <incomplete> on wlo1
? (192.168.1.160) at <incomplete> on wlo1
? (192.168.1.181) at <incomplete> on wlo1
? (192.168.1.138) at <incomplete> on wlo1
? (192.168.1.159) at <incomplete> on wlo1
? (192.168.1.148) at <incomplete> on wlo1
? (192.168.1.105) at <incomplete> on wlo1
? (192.168.1.126) at <incomplete> on wlo1
? (192.168.1.115) at <incomplete> on wlo1
? (192.168.1.72) at <incomplete> on wlo1
? (192.168.1.93) at <incomplete> on wlo1
? (192.168.1.82) at <incomplete> on wlo1
? (192.168.1.39) at <incomplete> on wlo1
? (192.168.1.60) at <incomplete> on wlo1
? (192.168.1.49) at <incomplete> on wlo1
? (192.168.1.6) at <incomplete> on wlo1
? (192.168.1.27) at <incomplete> on wlo1
? (192.168.1.16) at <incomplete> on wlo1
? (192.168.1.229) at <incomplete> on wlo1
? (192.168.1.250) at <incomplete> on wlo1
? (192.168.1.207) at <incomplete> on wlo1
? (192.168.1.196) at <incomplete> on wlo1
? (192.168.1.217) at <incomplete> on wlo1
? (192.168.1.174) at <incomplete> on wlo1
? (192.168.1.163) at <incomplete> on wlo1
? (192.168.1.184) at <incomplete> on wlo1
? (192.168.1.141) at <incomplete> on wlo1
? (192.168.1.130) at <incomplete> on wlo1
? (192.168.1.151) at <incomplete> on wlo1
? (192.168.1.108) at <incomplete> on wlo1
? (192.168.1.97) at <incomplete> on wlo1
? (192.168.1.118) at <incomplete> on wlo1
? (192.168.1.75) at <incomplete> on wlo1
? (192.168.1.64) at <incomplete> on wlo1
? (192.168.1.85) at <incomplete> on wlo1
? (192.168.1.42) at <incomplete> on wlo1
? (192.168.1.63) at <incomplete> on wlo1
? (192.168.1.52) at <incomplete> on wlo1
? (192.168.1.9) at <incomplete> on wlo1
? (192.168.1.30) at <incomplete> on wlo1
? (192.168.1.19) at <incomplete> on wlo1
? (192.168.1.232) at <incomplete> on wlo1
? (192.168.1.253) at <incomplete> on wlo1
? (192.168.1.242) at <incomplete> on wlo1
? (192.168.1.199) at <incomplete> on wlo1
? (192.168.1.220) at <incomplete> on wlo1
? (192.168.1.209) at <incomplete> on wlo1
? (192.168.1.166) at <incomplete> on wlo1
? (192.168.1.187) at <incomplete> on wlo1
? (192.168.1.176) at <incomplete> on wlo1
? (192.168.1.133) at <incomplete> on wlo1
? (192.168.1.154) at <incomplete> on wlo1
? (192.168.1.111) at <incomplete> on wlo1
? (192.168.1.100) at <incomplete> on wlo1
? (192.168.1.121) at <incomplete> on wlo1
? (192.168.1.78) at <incomplete> on wlo1
? (192.168.1.67) at <incomplete> on wlo1
? (192.168.1.88) at <incomplete> on wlo1
? (192.168.1.45) at <incomplete> on wlo1
? (192.168.1.34) at <incomplete> on wlo1
? (192.168.1.55) at <incomplete> on wlo1
? (192.168.1.12) at <incomplete> on wlo1
_gateway (192.168.1.1) at e4:7e:66:1f:bf:4c [ether] on wlo1
? (192.168.1.22) at <incomplete> on wlo1
? (192.168.1.235) at <incomplete> on wlo1
? (192.168.1.224) at <incomplete> on wlo1
? (192.168.1.245) at <incomplete> on wlo1
? (192.168.1.202) at <incomplete> on wlo1
? (192.168.1.223) at <incomplete> on wlo1
? (192.168.1.212) at <incomplete> on wlo1
? (192.168.1.169) at <incomplete> on wlo1
? (192.168.1.190) at <incomplete> on wlo1
? (192.168.1.179) at <incomplete> on wlo1
? (192.168.1.136) at <incomplete> on wlo1
? (192.168.1.157) at <incomplete> on wlo1
? (192.168.1.146) at <incomplete> on wlo1
? (192.168.1.103) at <incomplete> on wlo1
? (192.168.1.124) at <incomplete> on wlo1
? (192.168.1.113) at <incomplete> on wlo1
? (192.168.1.70) at <incomplete> on wlo1
? (192.168.1.91) at <incomplete> on wlo1
? (192.168.1.80) at <incomplete> on wlo1
? (192.168.1.37) at <incomplete> on wlo1
? (192.168.1.58) at <incomplete> on wlo1
? (192.168.1.15) at <incomplete> on wlo1
? (192.168.1.4) at <incomplete> on wlo1
? (192.168.1.25) at <incomplete> on wlo1
? (192.168.1.238) at <incomplete> on wlo1
? (192.168.1.227) at <incomplete> on wlo1
? (192.168.1.248) at <incomplete> on wlo1
? (192.168.1.205) at <incomplete> on wlo1
? (192.168.1.194) at <incomplete> on wlo1
? (192.168.1.215) at <incomplete> on wlo1
? (192.168.1.172) at <incomplete> on wlo1
? (192.168.1.161) at <incomplete> on wlo1
? (192.168.1.182) at <incomplete> on wlo1
? (192.168.1.139) at <incomplete> on wlo1
? (192.168.1.128) at <incomplete> on wlo1
? (192.168.1.149) at <incomplete> on wlo1
? (192.168.1.106) at <incomplete> on wlo1
? (192.168.1.127) at <incomplete> on wlo1
? (192.168.1.116) at <incomplete> on wlo1
? (192.168.1.73) at <incomplete> on wlo1
? (192.168.1.94) at <incomplete> on wlo1
? (192.168.1.83) at <incomplete> on wlo1
? (192.168.1.40) at <incomplete> on wlo1
? (192.168.1.61) at <incomplete> on wlo1
? (192.168.1.50) at <incomplete> on wlo1
? (192.168.1.7) at <incomplete> on wlo1
? (192.168.1.28) at <incomplete> on wlo1
? (192.168.1.17) at <incomplete> on wlo1
? (192.168.1.230) at <incomplete> on wlo1
? (192.168.1.251) at <incomplete> on wlo1
? (192.168.1.240) at <incomplete> on wlo1
? (192.168.1.197) at <incomplete> on wlo1
? (192.168.1.218) at <incomplete> on wlo1
? (192.168.1.175) at <incomplete> on wlo1
? (192.168.1.164) at <incomplete> on wlo1
? (192.168.1.185) at <incomplete> on wlo1
? (192.168.1.142) at <incomplete> on wlo1
? (192.168.1.131) at <incomplete> on wlo1
? (192.168.1.152) at <incomplete> on wlo1
? (192.168.1.109) at <incomplete> on wlo1
? (192.168.1.98) at <incomplete> on wlo1
? (192.168.1.119) at <incomplete> on wlo1
? (192.168.1.76) at <incomplete> on wlo1
? (192.168.1.65) at <incomplete> on wlo1
? (192.168.1.86) at <incomplete> on wlo1
? (192.168.1.43) at <incomplete> on wlo1
? (192.168.1.32) at <incomplete> on wlo1
? (192.168.1.53) at <incomplete> on wlo1
? (192.168.1.10) at <incomplete> on wlo1
? (192.168.1.31) at <incomplete> on wlo1
? (192.168.1.20) at <incomplete> on wlo1
? (192.168.1.233) at <incomplete> on wlo1
? (192.168.1.254) at <incomplete> on wlo1
? (192.168.1.243) at <incomplete> on wlo1
? (192.168.1.200) at <incomplete> on wlo1
? (192.168.1.221) at <incomplete> on wlo1
john@home:~$

¿Qué es esto? ¿Lo que acaba de suceder? Pensé arp -aque debía escanear y enumerar otros dispositivos en la misma red. ¿Cuáles son estos resultados?

Respuesta1

Pensé arp -aque debía escanear y enumerar otros dispositivos en la misma red.

arp -ano escanea. Solo muestra la caché de vecinos de la red IPv4 del kernel. Cualquier entrada en la salida está ahí porque ya estaba en el caché, no porque haya ejecutado arp.

¿Cuáles son estos resultados?

Una entrada incompleta significa que se envió una solicitud para descubrir la dirección MAC de un vecino de la red para una dirección IP determinada, pero no se recibió respuesta (todavía). O habrá una respuesta válida en un momento, por lo que la entrada se completará y permanecerá en el caché por un tiempo; o no habrá una respuesta válida y la entrada incompleta pronto se eliminará del caché.

¿Lo que acaba de suceder?

Algo en su sistema operativo acaba de intentar acceder a todas estas direcciones IP. Podría haber sido un escáner real, por ejemplo nmap 192.168.1.0/24.

Una entrada incompleta que no se completa desaparecerá eventualmente, a menos que su sistema operativo intente acceder a la dirección IP relevante periódicamente. Un nuevo intento de acceso hará que la entrada vuelva a aparecer; o evitará que desaparezca en primer lugar.

Si eres tú quien ejecuta (o sigue ejecutando) un escáner o algo así, entonces no hay nada de qué preocuparse. El resultado publicado arp -aes normal. Incluso si arp -aahora imprime solo unas pocas entradas, imprimirá muchas:

nmap 192.168.1.0/24; arp -a

Si no eres tú entonces vale la pena investigar. El hecho de que su red haya sido escaneada desde su sistema operativo sin su conocimiento puede indicar o no que el sistema operativo se ha visto comprometido.

información relacionada