no arp replys

Discussion in 'Cisco' started by michael, May 10, 2004.

  1. michael

    michael Guest

    Hello
    I'm having a situation concerning Arp where i am seeing no Arp
    reply's to many arp requests on my network when i evaluate with a
    protocol analyzer. I think the arp traffic may be at a level where it
    is disrupting traffic on the network and nodes are dropping off as a
    result. It is a microsoft 2000/xp network running active directory.
    The sniffs show alot of whois arp traffic and i see little or no arp
    reply's with the mac address. I'm wondering what this could be due
    too. It is a flat network with 175 nodes running a class b subnet.
    Wins and Dns are configured. The workstation nodes are mixed
    win2k/xp(majority being 2k), The servers are win2k. Is this high
    amount of arp traffic(between 60 to 90 percent at a server)normal and
    if not what could i do to facilitate the arp reply's. Thanks
    michael, May 10, 2004
    #1
    1. Advertising

  2. michael

    mh Guest

    That level of ARP traffic does not sound normal.

    If you have a trace, then look at the device(s) that are transmitting
    the ARPs.
    You will need to get their source MAC address from the trace and then
    track them down. If you are using an Ethernet switch, then you should
    be able to display the layer 2 forwarding table and find out what port
    the device is attached to.

    The device if a Windows PC could have a virus that is scanning your
    network looking for other PCs to attack.

    I have also seen an HP print driver bug that scanned an entire class A
    network which resulted in 90% of network traffic being ARPs.
    mh, May 10, 2004
    #2
    1. Advertising

  3. michael

    Patrick Guest

    On 9 May 2004 20:38:11 -0700, (michael) wrote:

    >Hello
    > I'm having a situation concerning Arp where i am seeing no Arp
    >reply's to many arp requests on my network when i evaluate with a
    >protocol analyzer. I think the arp traffic may be at a level where it
    >is disrupting traffic on the network and nodes are dropping off as a
    >result. It is a microsoft 2000/xp network running active directory.
    >The sniffs show alot of whois arp traffic and i see little or no arp
    >reply's with the mac address. I'm wondering what this could be due
    >too. It is a flat network with 175 nodes running a class b subnet.
    >Wins and Dns are configured. The workstation nodes are mixed
    >win2k/xp(majority being 2k), The servers are win2k. Is this high
    >amount of arp traffic(between 60 to 90 percent at a server)normal and
    >if not what could i do to facilitate the arp reply's. Thanks


    How is your protocol analyzer connected to the network? If you're on a
    switch, it would be logical that you don't see ARP reply's.

    The ARP requests are in the fowm of a broadcast, so sent to every
    port. However, the reply is sent as an unicast to the host which made
    the ARP request.

    Unless you configured a SPAN por, you won't see this traffic on a
    switched network. This would also explain why you see such a high
    percentage of ARP requests: the unicast traffic isn't captured by your
    protocol analyzer.


    With kind regards,

    Patrick
    Patrick, May 10, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nospam

    Loss of DNS/ARP responses from Linksys WAG54G

    nospam, Feb 12, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    2,611
    nospam
    Feb 15, 2005
  2. =?Utf-8?B?Y2IzOTk0MA==?=

    arp cache

    =?Utf-8?B?Y2IzOTk0MA==?=, Jun 24, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    5,128
    =?Utf-8?B?UFJBTkpBTCBLVU1BUg==?=
    Jun 26, 2005
  3. Benjamin P.

    Grouping the replys in Mozilla?

    Benjamin P., Apr 15, 2004, in forum: Firefox
    Replies:
    11
    Views:
    651
    .BRIAN.
    Apr 15, 2004
  4. Western Alarm

    inline Gmail replys with different color text

    Western Alarm, Feb 10, 2007, in forum: Computer Support
    Replies:
    9
    Views:
    5,126
    fuzuku
    Nov 30, 2012
  5. Darren Green

    Arp or Proxy Arp

    Darren Green, Feb 20, 2009, in forum: Cisco
    Replies:
    0
    Views:
    513
    Darren Green
    Feb 20, 2009
Loading...

Share This Page