Who has IP? Tell IP
30.1 gateway
30.30 first IP in dhcp pool.
IP has not been assigned in scope (its available).
Wireshark showing broadcast source of gateway SG300-52P.
However SG300-52P arp table has no reference (guess that's obvious from the packet info).
Not sure how to find where this request is coming from and/or how to turn it off.
Some system tries to access the 10.0.30.30 through the router.
So the router tries to find the MAC address for this system ==> ARP requests.
It has nothing to do with the DHCP as such.
Is there a port forwarding on the SG300-52P? any other special thing configured? around ip address 10.0.30.30?
Destination: Broadcast
Protocol: ARP
Length: 60
Info: Who has 10.0.30.30? Tell 10.0.30.1
So it looks to me like something on my network is trying to find 10.0.30.30.
However, I have no devices registered with this IP. Possibly at some point I did since its the first IP in the scope.
Just trying to figure out where this is coming from and how to make it stop.
If someone tries to reach (or ping) 10.0.30.30, the gateway's job is to find a way to that address.
So it sends broadcasts (ARP requests) to get the MAC address for 10.0.30.30.
As log as no one use this address, nobody can make an entry to his arp-table.
I have static routes in my ASA to vlan 10.0.30.0 and on the switch.
But nothing specifically routed to 30.30. since its in my dhcp scope.
Something had that address in the past. But not in a long while.
Dirk,
the way you describe it is what has me puzzled. no one should be trying to reach it.
but something seems to be looking for it.
I'm just trying to eliminate unnecessary chatter on the network
@Dirk that is only if the traffic goes through the router. Not if it another system on the LAN.
The ARP table should show an unresolved ARP entry... (hw address mentioning incomplete ..)
@ShawnGray
No ALG active? no proxies? Is the running config the same as the stored config?...
If there is a DHCP request from a system it may try to do a reachability check.. for the proposed address. That involves a least ARP.
Then there should be a system receiving that address shortly after it.
You may need a better picture by sampling a copy of all traffic to your SG300-52P
To high values for lease duration, incorrect DNS TTL? So that one device thinks the name it wants to resolve is still at 30.30, but your gateway doesn't know it, cause that device has already a new IP?
So in addition to the other answers: You should look at your gateway to identify who wants to reach 30.30. Then flush the DNS cache on that machine or its upstream DNS cache.
I'm seeing the same frequency of activity from NBNS.
I'm not quite sure what that might be. Could you expand on the specifics of the situation?