Provided by: farpd_0.2-10build1_amd64 bug


     farpd — ARP reply daemon


     farpd [-d] [-i interface] [net ...]


     farpd replies to any ARP request for an IP address matching the specified destination net
     with the hardware MAC address of the specified interface, but only after determining if
     another host already claims it.

     Any IP address claimed by farpd is eventually forgotten after a period of inactivity or
     after a hard timeout, and is relinquished if the real owner shows up.

     This enables a single host to claim all unassigned addresses on a LAN for network monitoring
     or simulation.

     farpd exits on an interrupt or termination signal.

     Note: The program name farpd has been changed in Debian GNU/Linux from the original name
     (arpd) to avoid name clash with other ARP daemons.

     The options are as follows:

     -d      Do not daemonize, and enable verbose debugging messages.

     -i interface
             Listen on interface.  If unspecified, farpd searches the system interface list for
             the lowest numbered, configured ``up'' interface (excluding loopback).

     net     The IP address or network (specified in CIDR notation) or IP address ranges to claim
             (e.g. ``'', ``'' or ``''). If unspecified,
             farpd will attempt to claim any IP address it sees an ARP request for.  Mutiple
             addresses may be specified.




     pcapd(8), synackd(8)


     farpd will respond too slowly to ARP requests for some applications. In order to ensure that
     it does not claim existing IP addresses it will send two ARP request and wait for a reply.
     This slowness affects the nmap network scanning tool, and possibly others, which uses by
     default ARP when scanning local networks. The answers from farpd will come after the tool
     has timeout waiting for the ARP replies and, consequently, IP addresses claimed by farpd
     will not be discovered.

     Additionally, farpd sends the ARP replies to the broadcast address of the network and not to
     the host that send the ARP request. Some systems and applications (notably nmap) will not
     handled these requests and expect directed ARP replies (i.e. targeted specifically to the
     host that sent the request and not to the network)


     Dug Song ⟨⟩, Niels Provos ⟨⟩

                                          August 4, 2001