ARP table questions

I have noticed some differences between XP and Vista regarding the ARP table:

1. It is impossible to add a new entry to the ARP table if there exists an
invalid entry already.
How to reproduce:
1. Ping free IP address, "ping 10.91.1.50", the ping times out.
2. Investigate the ARP table, "arp -a -v", there exists an invalid entry
at 10.91.1.50.
3. Try to add a new entry, "arp -s 10.91.1.50 11-22-33-44-55-66", gives
the error message "The ARP entry addition failed: 5". In XP it was possible
to add the new entry without getting this error message.

2. It is impossible to remove an invalid ARP entry directly after ping.
How to reproduce:
1. Ping free IP address, "ping 10.91.1.50", the ping times out.
2. Delete the invalid ARP entry created by the ping, "arp -d 10.91.1.50"
3. Investigate the ARP table, "arp -a -v". The ARP entry hasn't been
removed although there were no error message! One must wait 20-30 seconds
after the ping times-out before successfully removing the invalid entry. I
consider this a bug, do you?

I'd agree. I'm running into a similar problem with deleting arp
entries. On a XP machine you can enter "arp -d" and it'd clear the arp
cache as mentioned. In Vista (even when you run the cmd.exe as
Administrator) I get the following message:
The ARP entry deletion failed: 87

Upon further investigation these messages occur when a user doesn't
have sufficient rights to write or delete from the arp table in Win XP,
2000, etc. Strange this is, I can reboot the system and sometimes it
WILL allow me to delete the arp cache... wierd.


--
aeris316

Same problems there.. =/

When I try to add a static ARP entry for default gateway:

arp -s 192.168.1.1 00-11-22-33-44-55 192.168.1.3, it fails with the
following message:

The ARP entry addition failed: 5

Seems it has problems adding entries for already or previously known
addresses as for every other unknown IP it works. Clearing ARP cache doesn't
help, sometimes it even throws another error: The ARP entry deletion failed:
87. With WinXP arp works w/o any problems.

How can I work safely in Vista if I can't protect myself from simple ARP
spoofing? Looking forward to solution (please don't offer any 3-rd party
software).


--
djet,
Microsoft Certified Professional

----- Original Message -----
From: "aeris316" <aeris316.2oj8o3@no-mx.forums.net>
Newsgroups: microsoft.public.windows.vista.networking_sharing
Sent: Thursday, April 05, 2007 12:17 AM
Subject: Re: ARP table questions


>
> I'd agree. I'm running into a similar problem with deleting arp
> entries. On a XP machine you can enter "arp -d" and it'd clear the arp
> cache as mentioned. In Vista (even when you run the cmd.exe as
> Administrator) I get the following message:
> The ARP entry deletion failed: 87
>
> Upon further investigation these messages occur when a user doesn't
> have sufficient rights to write or delete from the arp table in Win XP,
> 2000, etc. Strange this is, I can reboot the system and sometimes it
> WILL allow me to delete the arp cache... wierd.
>
>
> --
> aeris316

Hello there,

i got the same problem with vista ultimate running in a switched network
where a W2k3 Server acts as DHCP and DNS Server so i get my IP automatically.

We were trying to capture the data in the network with my Vista Laptop which
worked fine via ARP-Spoofing. The other machines in our network are mostly
WinXP Pro/Home pc's and we have one Mac OS X Client.

It was no problem to add a batch file containing
arp -s IP MAC
to the autostart dir so that the ARP Tables are modified with a static ARP
entry for the Gateway everytime you boot up your system.

I tried everything to modifiy my own ARP entries. I set the "Run as
Administrator" flag for cmd and the batch file. I tried to type arp -s IP
MAC, i tried to launch the batch file, i retried everything shortly after a
reboot, i deactivated the LAN-Interface but nothing worked for me.

I tried this Man-In-the-middle attack to show all 11 clients in the network
how unsecure it is and now everyone tries to spoof each other. I don't know
how to get the Macintosh Secure but every single d**n XP machine now protects
itself with a static ARP entry for the Gateway. Vista is unable to do the
same.

Is there ANY solution for this problem out there?

"djet" wrote:

> Same problems there.. =/
>
> When I try to add a static ARP entry for default gateway:
>
> arp -s 192.168.1.1 00-11-22-33-44-55 192.168.1.3, it fails with the
> following message:
>
> The ARP entry addition failed: 5
>
> Seems it has problems adding entries for already or previously known
> addresses as for every other unknown IP it works. Clearing ARP cache doesn't
> help, sometimes it even throws another error: The ARP entry deletion failed:
> 87. With WinXP arp works w/o any problems.
>
> How can I work safely in Vista if I can't protect myself from simple ARP
> spoofing? Looking forward to solution (please don't offer any 3-rd party
> software).
>
>
> --
> djet,
> Microsoft Certified Professional
>
> ----- Original Message -----
> From: "aeris316" <aeris316.2oj8o3@no-mx.forums.net>
> Newsgroups: microsoft.public.windows.vista.networking_sharing
> Sent: Thursday, April 05, 2007 12:17 AM
> Subject: Re: ARP table questions
>
>
> >
> > I'd agree. I'm running into a similar problem with deleting arp
> > entries. On a XP machine you can enter "arp -d" and it'd clear the arp
> > cache as mentioned. In Vista (even when you run the cmd.exe as
> > Administrator) I get the following message:
> > The ARP entry deletion failed: 87
> >
> > Upon further investigation these messages occur when a user doesn't
> > have sufficient rights to write or delete from the arp table in Win XP,
> > 2000, etc. Strange this is, I can reboot the system and sometimes it
> > WILL allow me to delete the arp cache... wierd.
> >
> >
> > --
> > aeris316
>

Reply to ALL

Here is an easy fix.

"computer" --> "C" --> "Windows" folder --> "System 32" folder

find "CMD.exe" --> right click --> "Run as administrator"

Then type:
"arp -d"
~~ OR ~~
"arp -d *" to delete all

Hope this helps

Shaddow


--
shaddow