I have been able to clear all of the entries from my arp cache except one. I has the ip address _gateway and the MAC address is that of my router.
I have tried "sudo arp -d _gateway", "sudo arp -a -d _gateway" and "sudo ip -s -s neigh flush all"
There are no error messages. In fact the command seems to run but then when I check the arp table the _gateway listing is still there.
1 Answer
_gateway is not an IP address. It's a hostname; in fact it's a virtual hostname that libnss_myhostname resolves to whatever gateways are configured for the system's default route. To see the actual IP address, use arp -n or preferably ip neigh.
Most likely, your flush/delete command actually succeeds – but the cache is immediately repopulated, because as soon as the system has to send another packet through the gateway, it has to re-learn its MAC address. Whenever that happens, the ARP cache entry of course shows up again.
To check if that's the case, use ip monitor or ip mon neigh. While having this command running in one terminal, run sudo ip nei flush all in another, and you should see the cache entry immediately getting deleted but soon readded on demand. Even on mostly-idle systems, this can occur in just a few seconds.
