Re: ARP idea (conjecture)

[Jordan Ritter <jpr5 () darkridge com>]

On Tue, 29 Jun 1999, Rob Quinn wrote:

> > I'm not even sure if arp timeouts are OS-specific
>
> From experience, the timeout for a Cisco router is at least several
> hours. That's how long I waited before power cycling anyway, it could
> be longer. I doubt this will be a very productive method, and if
> you're on the wire you probably have a lot of other options open to
> you.

I haven't played with ARP timeouts yet so I can't even say whether this
would be useful in any situation.  However, I'd venture a guess and say it
is very likely there are differences, and if there's at least one OS whose
ARP timeout behaviour can be (easily) differentiated from the rest, then
on a simple theoretical level this could be useful for affirming or
negating any educated guess our other algorithms come up with.

Of course, two huge strikes against using ARP timeouts:

1. Timeout-based assessment is not reliable in and of itself, as there are
   many factors that can interfere with the algorithm and results, and
2. This in particular would only be useful if you're on the same wire (as
   Rob pointed out).
 

--jordan