?
Solved

ARP going nuts?

Posted on 2013-01-04
2
Medium Priority
?
328 Views
Last Modified: 2013-03-01
I have an Android phone connected to company Wi-Fi.  I noticed recently the download arrow is always on.  A little research shows that this is due to broadcast and/or multicast traffic.  I fire up Wireshark and notice something seems to be up with extremely high ARP traffic (~75%).  I did install a new AD / DNS server a few weeks ago.  This could have started at the same time?

Capture1There is no recurring themes with the source & destination.  It varies a ton.

Any ideas to look for?

thanks
0
Comment
Question by:admineo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 2000 total points
ID: 38744562
How many devices would you estimate are using your wireless network? And what type of switch is the WAP connected to?

If the number of devices using wireless is high, and clients are constantly connecting/disconnecting from the network, you can assume that the ARP traffic (broadcasts, probes and announcements) will be very high.
0
 

Author Comment

by:admineo
ID: 38750701
Sorry for the slow response - had a busy weekend.  

We only have about 20-30 wireless devices spread over 4-5 AP's.  They are connected to L2 HP switches.  

We have some VLAN segmentation.... but something doesn't seem right.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question