Sun Solaris System Admin » cache

Display/Add/Delete/modify ARP entries in ARP Table

admin — Thu, 24 Apr 2008 18:42:50 +0000

Not so often we would end up troubleshooting or manipulating ARP and ARP tables in Sun Solaris. However, following are some of the useful commands which can help when required. The following commands will help you display,modify,add,delete ARP entries in Sun Solaris ARP table.

Display ARP table

sunsolaris# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
—— ——————– ————— —– —————
pcn0   192.168.0.1          255.255.255.255       00:18:4d:f8:a4:6e
pcn0   192.168.0.2          255.255.255.255       00:13:ce:85:0e:e1
pcn0   sunsolaris            255.255.255.255 SP    00:0c:29:d3:76:89
pcn0   BASE-ADDRESS.MCAST.NET 240.0.0.0       SM    01:00:5e:00:00:00

Delete an ARP entry

sunsolaris# arp -d 192.168.0.1
192.168.0.1 (192.168.0.1) deleted

To verify the entry indeed is deleted

sunsolaris# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
—— ——————– ————— —– —————
pcn0   192.168.0.2          255.255.255.255       00:13:ce:85:0e:e1
pcn0   solaris10            255.255.255.255 SP    00:0c:29:d3:76:89
pcn0   BASE-ADDRESS.MCAST.NET 240.0.0.0       SM    01:00:5e:00:00:00

You can see the ARP entry for 192.168.0.1 is longer found.

Add a Static entry

sunsolaris# arp -s 192.168.0.1 00:18:4d:f8:a4:6e

Syntax is

arp -s HOSTNAME MAC-Address

where

pub – publishes the ARP entries to other hosts on the network

temp – Temporary entry

trail – Allows Trailer Encapsulations to be sent to host

You can also read static entries from a file. This can come handy if you decide that all ARP entries are static and no ARP requests are sent and received from the system. You can add the static entries onto a file and add the arp command onto the network init scripts in /etc/rc2.d/

To read from file

sunsolaris# arp -f /etc/host_mac

where /etc/host_mac is my file name from where the ARP entries are read.

To check the current ARP caching time

sunsolaris# ndd -get /dev/arp arp_cleanup_interval
500000

where 500000 in milliseconds indicates 5mins

To modify ARP Cache timing, click here

Reduce ARP caching time in Sun Solaris using ndd

admin — Thu, 24 Apr 2008 18:02:40 +0000

ARP attacks are the easiest attacks that can be launched on a network or a Server causing a Denial of Service. One of those things that can be done on the Sun Solaris Operating System is to alter the caching time for the ARP cache whch reduces the time that a rogue ARP entry stays in the ARP table. While this is not fool proof but can certainly make it that extra difficult to the hacker.

The default time that ARP entries are cached in a Sun Solaris system is 5 mins.

However, this can be reduced to lower level (say 3mins). This means that the number of ARP requests and ARP replies to and from the server will increase as a result. So, before modifying the caching time, check if this can cause andy congestion on your network.

To set the ARP cache time period

solaris# ndd -set /dev/arp arp_cleanup_interval 180000

The above command sets the interval to 3 minutes (1min is equal to 60000ms). Now, all the ARP entries are flushed at a faster rate (every 3mins)

For this change to persist across reboots, add this command onto the init scripts in /etc/rc2.d directory for your network interface (where all the required ndd commands are run).

nscd caching daemon in Sun Solaris

admin — Mon, 28 Jan 2008 19:25:20 +0000

The nscd daemon is a caching daemon in Sun Solaris. It provides caching services for hosts,passwd,group,ipnodes databases using various nameservice lookups like hosts file, DNS, NIS,NIS+ and more. Each cache has a separate time-to-live for its data and modifying the local database like /etc/hosts invalidates that cache within ten seconds. nscd doesn’t cache /etc/shadow (contains encrypted passwords for /etc/passwd) file simple for security reasons as anyone would understand.

As nscd daemon provides caching service, it is necessary when you run a name service like DNS, NIS or NIS+ in your network. The configuration of nscd daemon can customised using the /etc/nscd.conf file and it is important more from a security point of view where you can control what is and how is cached on your solaris server.

A sample configuration looks like the following

enable-cache          passwd no
enable-cache          group no
positive-time-to-live hosts 3600
negative-time-to-live hosts 5
suggested-size        hosts 211
keep-hot-count        hosts 20
old-data-ok           hosts no
check-files           hosts yes

Each line of the config file has an attribute and a value or an attribute, cachename and value

Example:

attribute: enable-cache

cachename: group or passwd

Value: 3600 (time in seconds) or yes/no for to cache or not to cache.

Enable/Disable nscd caching

However, if caching is not required, disable the service at start up by renaming the startup script

/etc/rc2.d/S76nscd

/etc/rc2.d/s76nscd

optionally, rename the kill scrips in /etc/rc1.d/, /etc/rcS.d/, /etc/rc0.d/ from

K40nscd

k40nscd

Manually Start & Stop nscd daemon

To start & stop nscd daemon manually:

Start nscd

solaris#/etc/init.d/nscd start

Stop nscd

solaris#/etc/init.d/nscd stop

For more information, please check the Sun man pages

How to Flush DNS Cache in Sun Solaris

admin — Fri, 11 Jan 2008 23:21:44 +0000

It may be sometime required to flush your DNS Cache mostly when trying to troubleshoot a problem with your name service or when there was an invalid DNS entry after a server outage. The possible solution to clear these cached invalid entries or to wait till the record expires based on its TTL (Time To Live)

The NSCD daemon in Solaris and ofcourse in UNIX and most of the Linux falvors maintains the system cache including the DNS/Name service cache.

All it needs is to restart the nscd aemon to flush the DNS cache.

Do a

# ps -ef|grep nscd

This will find the PID for the NSCD daemon.

Now, do a

#pkill

#kill

Now, check if the nscd process is killed by using

# ps -ef|grep nscd

Now, start the nscd daemon by using

#/usr/sbin/nscd

This should start the nscd daemon and there you go, you have flushed the DNS Cache in your Solaris Server.

Click here for the man page for NSCD in Solaris