Solved

Weird ARP requests

Posted on 2008-06-19
4
371 Views
Last Modified: 2013-11-12
I have a Vista SP1 box that is doing some bizzare stuff.... I just installed Wireshark on it for another exercise and have discovered that this box is broadcasting ARP requests in a weird fashion.

The machine is on 192.168.1.68/24

Firstly it is arping for a whole stack of hosts on the 192.168.1.0/24 network - now I can accept this, these appear to be in my DHCP range but they sure do not exist anymore.  (these arp requests have been going on for several hours)... what the heck they are I have no idea....

More importantly (or bizzarely) it is arping for 192.168.2.1 and 192.168.2.233.

Now this box USED to be on the 192.168.2.0 network and 192.168.2.1 used to be it's default gateway.  It no longer is and in fact this network no longer even exists in my house!!!  It's been on the 192.168.1.0/24 network for about 3 months, during that time it has been rebooted MANY times.

So what the HECK is causing it to arp for 192.168.2.0/24 addresses?

And how can I determine what is causing it to arp for (seemingly) random IP addresses on the 192.168.1.0/24 network ....

The box repeatably arps for 192.168.1.1 which is the default gateway.  It should cache this and only arp for it when the time is right!

This is the weirdest behavior I have ever seen....
According to the routing table 192.168.2.0/24 is no where to be seen so it should not even be arping for these addresses - end of story - they should be going via the gateway.
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : home.smith.gen.nz
   Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
   Physical Address. . . . . . . . . : 00-1A-A0-9D-2C-AD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::58a2:e6e0:62d2:628d%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 19 June 2008 3:03:02 p.m.
   Lease Expires . . . . . . . . . . : Friday, 20 June 2008 3:03:01 p.m.
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.97.33.1
                                       203.97.37.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460
220}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 10:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460
220}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
 
 
 
 
C:\Users\Rowan Smith>route print
===========================================================================
Interface List
  9 ...00 1a a0 9d 2c ad ...... Intel(R) 82562V-2 10/100 Network Connection
  1 ........................... Software Loopback Interface 1
  8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 11 ...00 00 00 00 00 00 00 e0  isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460220}
 12 ...00 00 00 00 00 00 00 e0  isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460220}
 15 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.68     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link      192.168.1.68     40
  169.254.255.255  255.255.255.255         On-link      192.168.1.68    276
      192.168.1.0    255.255.255.0         On-link      192.168.1.68    276
     192.168.1.68  255.255.255.255         On-link      192.168.1.68    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.68    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.68    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.68    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  9    276 fe80::/64                On-link
  9    276 fe80::58a2:e6e0:62d2:628d/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
   Autoconfiguration Enabled . . . . : Yes

Open in new window

0
Comment
Question by:rowansmith
  • 3
4 Comments
 
LVL 6

Expert Comment

by:dnudelman
ID: 21823713
Turn off IPv6 if you are not using it.
0
 
LVL 11

Author Comment

by:rowansmith
ID: 21827796
Yeah that is another independant question in itself - how the heck do you turn off IPv6?  Is it a simple matter of removing it from the Interface?
0
 
LVL 11

Accepted Solution

by:
rowansmith earned 0 total points
ID: 21827803
I found my problem ... DELL Network Assistant was the culprit.

Once I stopped this the ARP storm stopped.

I uninstalled Dell Network Assistant and made my network a whole lot quieter....
0
 
LVL 11

Author Comment

by:rowansmith
ID: 21835797
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 78
Stuck in INIT/DROTHER 2 53
forward schedule of change 1 65
EIGRP Bandwidth 9 21
The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question