Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > no arp replys

Reply
Thread Tools

no arp replys

 
 
michael
Guest
Posts: n/a
 
      05-10-2004
Hello
I'm having a situation concerning Arp where i am seeing no Arp
reply's to many arp requests on my network when i evaluate with a
protocol analyzer. I think the arp traffic may be at a level where it
is disrupting traffic on the network and nodes are dropping off as a
result. It is a microsoft 2000/xp network running active directory.
The sniffs show alot of whois arp traffic and i see little or no arp
reply's with the mac address. I'm wondering what this could be due
too. It is a flat network with 175 nodes running a class b subnet.
Wins and Dns are configured. The workstation nodes are mixed
win2k/xp(majority being 2k), The servers are win2k. Is this high
amount of arp traffic(between 60 to 90 percent at a server)normal and
if not what could i do to facilitate the arp reply's. Thanks
 
Reply With Quote
 
 
 
 
mh
Guest
Posts: n/a
 
      05-10-2004
That level of ARP traffic does not sound normal.

If you have a trace, then look at the device(s) that are transmitting
the ARPs.
You will need to get their source MAC address from the trace and then
track them down. If you are using an Ethernet switch, then you should
be able to display the layer 2 forwarding table and find out what port
the device is attached to.

The device if a Windows PC could have a virus that is scanning your
network looking for other PCs to attack.

I have also seen an HP print driver bug that scanned an entire class A
network which resulted in 90% of network traffic being ARPs.
 
Reply With Quote
 
 
 
 
Patrick
Guest
Posts: n/a
 
      05-10-2004
On 9 May 2004 20:38:11 -0700, http://www.velocityreviews.com/forums/(E-Mail Removed) (michael) wrote:

>Hello
> I'm having a situation concerning Arp where i am seeing no Arp
>reply's to many arp requests on my network when i evaluate with a
>protocol analyzer. I think the arp traffic may be at a level where it
>is disrupting traffic on the network and nodes are dropping off as a
>result. It is a microsoft 2000/xp network running active directory.
>The sniffs show alot of whois arp traffic and i see little or no arp
>reply's with the mac address. I'm wondering what this could be due
>too. It is a flat network with 175 nodes running a class b subnet.
>Wins and Dns are configured. The workstation nodes are mixed
>win2k/xp(majority being 2k), The servers are win2k. Is this high
>amount of arp traffic(between 60 to 90 percent at a server)normal and
>if not what could i do to facilitate the arp reply's. Thanks


How is your protocol analyzer connected to the network? If you're on a
switch, it would be logical that you don't see ARP reply's.

The ARP requests are in the fowm of a broadcast, so sent to every
port. However, the reply is sent as an unicast to the host which made
the ARP request.

Unless you configured a SPAN por, you won't see this traffic on a
switched network. This would also explain why you see such a high
percentage of ARP requests: the unicast traffic isn't captured by your
protocol analyzer.


With kind regards,

Patrick





 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
inline Gmail replys with different color text Western Alarm Computer Support 9 11-30-2012 06:47 PM
Arp or Proxy Arp Darren Green Cisco 0 02-20-2009 09:38 PM
Loss of DNS/ARP responses from Linksys WAG54G nospam Wireless Networking 6 02-15-2005 05:30 PM
Grouping the replys in Mozilla? Benjamin P. Firefox 11 04-15-2004 04:46 AM



Advertisments