rowansmith
asked on
Weird ARP requests
I have a Vista SP1 box that is doing some bizarre stuff.... I just installed Wireshark on it for another exercise and have discovered that this box is broadcasting ARP requests in a weird fashion.
The machine is on 192.168.1.68/24
Firstly it is arping for a whole stack of hosts on the 192.168.1.0/24 network - now I can accept this, these appear to be in my DHCP range but they sure do not exist anymore. (these arp requests have been going on for several hours)... what the heck they are I have no idea....
More importantly (or bizarrely) it is arping for 192.168.2.1 and 192.168.2.233.
Now this box USED to be on the 192.168.2.0 network and 192.168.2.1 used to be its default gateway. It no longer is and in fact this network no longer even exists in my house!!! It's been on the 192.168.1.0/24 network for about 3 months, during that time it has been rebooted MANY times.
So what the HECK is causing it to arp for 192.168.2.0/24 addresses?
And how can I determine what is causing it to arp for (seemingly) random IP addresses on the 192.168.1.0/24 network ....
The box repeatedly arps for 192.168.1.1 which is the default gateway. It should cache this and only arp for it when the time is right!
This is the weirdest behavior I have ever seen....
According to the routing table 192.168.2.0/24 is nowhere to be seen so it should not even be arping for these addresses - end of story - they should be going via the gateway.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home.smith.gen.nz
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connecti
on
Physical Address. . . . . . . . . : 00-1A-A0-9D-2C-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::58a2:e6e0:62d2:628d%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, 19 June 2008 3:03:02 p.m.
Lease Expires . . . . . . . . . . : Friday, 20 June 2008 3:03:01 p.m.
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 203.97.33.1
203.97.37.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460
220}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460
220}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
C:\Users\Rowan Smith>route print
===========================================================================
Interface List
9 ...00 1a a0 9d 2c ad ...... Intel(R) 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
11 ...00 00 00 00 00 00 00 e0 isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460220}
12 ...00 00 00 00 00 00 00 e0 isatap.{00C0C492-BCBC-4A58-9ABE-34BC9F460220}
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.68 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.68 40
169.254.255.255 255.255.255.255 On-link 192.168.1.68 276
192.168.1.0 255.255.255.0 On-link 192.168.1.68 276
192.168.1.68 255.255.255.255 On-link 192.168.1.68 276
192.168.1.255 255.255.255.255 On-link 192.168.1.68 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 276 fe80::/64 On-link
9 276 fe80::58a2:e6e0:62d2:628d/128
On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
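An added example, not part of the original question: one way to triage the ARP requests described above is to parse the raw frames and group each requested target as gateway, on-link, or off-link according to the on-link routes in the route print output. The function names and the sample frames are constructed for illustration, and 192.168.1.120 is a made-up stand-in for the unnamed DHCP-range hosts.

```python
import ipaddress
import struct
from collections import Counter

# On-link IPv4 routes and gateway copied from the route print output above.
ON_LINK = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "169.254.0.0/16")]
GATEWAY = ipaddress.ip_address("192.168.1.1")

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast Ethernet frame carrying an ARP request (constructed test data)."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += sender_mac + ipaddress.ip_address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.ip_address(target_ip).packed
    return eth + arp

def parse_arp_request(frame):
    """Return (sender_ip, target_ip) for an IPv4-over-Ethernet ARP request, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None
    return ipaddress.ip_address(frame[28:32]), ipaddress.ip_address(frame[38:42])

def triage(frames, host_ip):
    """Count ARP targets requested by host_ip, grouped as gateway / on-link / off-link."""
    host = ipaddress.ip_address(host_ip)
    counts = {"gateway": Counter(), "on-link": Counter(), "off-link": Counter()}
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed is None or parsed[0] != host:
            continue  # not an ARP request, or sent by another machine
        target = parsed[1]
        if target == GATEWAY:
            bucket = "gateway"
        elif any(target in net for net in ON_LINK):
            bucket = "on-link"
        else:
            bucket = "off-link"  # no on-link route covers this target
        counts[bucket][str(target)] += 1
    return counts

# Constructed sample frames; the targets mirror the addresses named in the question.
MAC = bytes.fromhex("001aa09d2cad")
SAMPLE = [build_arp_request(MAC, "192.168.1.68", t) for t in
          ("192.168.1.1", "192.168.1.1", "192.168.1.120", "192.168.2.1", "192.168.2.233")]
```

Calling `triage(SAMPLE, "192.168.1.68")` puts the two 192.168.2.x targets in the off-link bucket, and the per-target counts show how often the gateway is being re-resolved.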
Autoconfiguration Enabled . . . . : Yes
Turn off IPv6 if you are not using it.
ASKER
Yeah that is another independent question in itself - how the heck do you turn off IPv6? Is it a simple matter of removing it from the Interface?
ASKER
Here is a link I found on how to turn off IPv6...
http://www.mydigitallife.info/2007/09/09/disable-and-turn-off-ipv6-support-in-vista/