is it possible for a UDP socket to receive an ARP message

1
votes

I have created a udp socket under linux to discover another system on the network. After creating a udp socket and assigning src IP , src Port, dst port (I know the correct value) and a dst IP (broadcast), application sends a UDP packet to the other end. The idea is to make the other computer sends back a UDP packet so my computer deduce the destination IP address. The other end is responding with an ARP message that contains its IP, port as well as my IP&port.

Although, the socket I am using is datagram my application declares the other end is discovered and can get its IP. It seems like the udp socket I am using has received the ARP message sent by the other end, which looks confusing to me.

Please has anyone an explanation of what happens.

Thank you very much.

1
linuxsocketsudparp
How do you know that the other end is responding with an ARP? Why do you think it is ARP?rodrigo
Hi Rodrigo, I included more details below.user2410592

1 Answers

7
votes

ARP is not a UDP based protocol and thus cannot be captured with an UDP socket. Have a look at the OSI layer and you will find ARP at layer 2..3 (link..network) while UDP is at the transport layer (layer 4). Without ARP UDP cannot even work in the local network.

If you send an UDP packet from your socket it will look into the ARP cache of the system to find out the hardware address (MAC) associated with the target IP address (at least if the target IP is inside the same local network). If there is no valid cached entry it will do an ARP request. This ARP request is "owned" by the kernel an it is not associated with your socket, even if the send on your socket caused the ARP lookup. Once the kernel (not your socket) receives the ARP reply it will know the targets MAC address and can thus encapsulate your IP packet (UDP is based on IP) into a frame for the local (physical) network (with the local and target MAC included) and send it out through the network card.