Errata

Correction To ARP
On page 75, in the last paragraph, through page 76, in the first two paragraphs, Change:

"When the ARP Reply is sent, it is sent to the defending node's MAC address. The unicast
ARP Reply does not correct the improper ARP cache entries. Therefore, to reset the ARP
cache entries that were improperly updated by the offending node's sending of the gratuitous
ARP Request, the defending node sends another broadcast ARP Request. The
defending node's ARP Request is a gratuitous ARP, as if the defending node were doing
its own conflict detection. The defending node’s ARP Request contains the SHA set to
the defending node's MAC address. Network segment nodes that have had their ARP cache
entries improperly set to [conflicting IP address, offending node's MAC address] are
reset to the proper mapping of [conflicting IP address, defending node’s MAC address].

The Network Monitor trace in Capture 03-02 (in the Captures folder on the companion
CD-ROM) shows the gratuitous ARP and address conflict exchange. Frame 1 is the
offending node's gratuitous ARP. Frame 2 is the defending node's ARP Reply. Frame 3 is
the defending node's gratuitous ARP. At the end of Frame 3, all network segment nodes
that have the IP address 169.254.0.1 in their ARP caches have been reset to the proper
MAC address of 0x00-60-97-02-6D-3D."To:

"When the ARP Reply is sent, it is sent to the defending node's MAC address. The unicast
ARP Reply does not correct the improper ARP cache entries. Therefore, to reset the ARP
cache entries that were improperly updated by the offending node's sending of the gratuitous
ARP Request, the offending node sends another broadcast ARP Request. The
offending node's ARP Request is a gratuitous ARP with a spoofed source MAC address set
to the defending node's MAC address, as if the defending node were doing
its own conflict detection. The offending node's ARP Request contains the SHA set to
the defending node's MAC address. Network segment nodes that have had their ARP cache
entries improperly set to [conflicting IP address, offending node's MAC address] are
reset to the proper mapping of [conflicting IP address, defending node's MAC address].

The Network Monitor trace in Capture 03-02 (in the Captures folder on the companion
CD-ROM) shows the gratuitous ARP and address conflict exchange. Frame 1 is the
offending node's gratuitous ARP. Frame 2 is the defending node's ARP Reply. Frame 3 is
the offending node's gratuitous ARP with the spoofed source MAC address. At the end of
Frame 3, all network segment nodes that have the IP address 169.254.0.1 in their ARP
caches have been reset to the proper MAC address of 0x00-60-97-02-6D-3D."

DEFENDING Should Be OFFENDING On page 75 there is an error in describing how DHCP Duplicate IP Address Detection is handled. The text states that after a DHCP conflict the DEFENDING system will broadcast an additional gratuitous ARP to reset the host in the broadcast domain. It is actually the OFFENDING system that sends the additional gratuitous ARP with a spoofed MAC address of the defending system.Change:"DEFENDING"To:"OFFENDING"

Corrections To Port Numbers On page 290, in Table 12-1, the port numbers for NNTP and LDAP are wrong.Change:19 Network News Transfer Protocol (NNTP)339 Lightweight Directory Access Protocol (LDAP)To:119 Network News Transfer Protocol (NNTP)389 Lightweight Directory Access Protocol (LDAP)

Header Should Be Trailer
On page 623, in the last bullet item,Change:"All the fields in the ESP header except the Authentication Data field"To:"All the fields in the ESP trailer except the Authentication Data field"
Microsoft Press is committed to providing informative and accurate
books. All comments and corrections listed above are ready for
inclusion in future printings of this book. If you have a later printing
of this book, it may already contain most or all of the above corrections..