Re: Large number of ARP request on network?

From: Dave (noone_at_nowhere.com)
Date: 03/10/04

Next message: Jeff Cochran: "Re: Can I do this with DHCP?"
Previous message: Hobbes: "Delayed write errors across network home folders"
In reply to: Tim A. Fleming: "Large number of ARP request on network?"
Next in thread: Rob Elder, MVP-Networking: "Re: Large number of ARP request on network?"
Reply: Rob Elder, MVP-Networking: "Re: Large number of ARP request on network?"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 10 Mar 2004 22:39:38 -0000

that can be a symptom of blaster, welchia or nachi worm infestations. check
all machines for those and any other virus/worm while you are at it. part
of the question is, how large is large? i have seen one machine on a
100mbit ethernet virtually saturate the t1 feeding our office with that
stuff... or is it an arp a minute or something like that??

"Tim A. Fleming" <tfleming@gha-nc.org> wrote in message
news:u2DHWhuBEHA.628@TK2MSFTNGP10.phx.gbl...
> Hello,
>
> I have downloaded Etherreal and have noticed a large number of Address
> Resolution Protocol requests on our network. Systems are asking
> (particularly the server) who has address 192.168.?.?.
>
> We are running DNS and DHCP which when we enter IPCONFIG on a desktop
> everything reports back correctly. All desktops are running Win2K
> professional and the server is running Win2k Server.
>
> Everything seems to be working but the number of ARP request concern me.
> Should I be concerned?
>
> I always thought that using DHCP and DNS would reduce or eliminate ARP
> broadcasts. I know the client will initiate a Dhcpdiscover packet upon
> initial bootup. That systems a client talks to will be added to the ARP
> cach. But broadcasts should be reduced or eliminated if you have setup
DHCP
> and DNS correctly.
>
> Thank You.
>
>

Next message: Jeff Cochran: "Re: Can I do this with DHCP?"
Previous message: Hobbes: "Delayed write errors across network home folders"
In reply to: Tim A. Fleming: "Large number of ARP request on network?"
Next in thread: Rob Elder, MVP-Networking: "Re: Large number of ARP request on network?"
Reply: Rob Elder, MVP-Networking: "Re: Large number of ARP request on network?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Determining MAC address
... # of the machines in question are on the same VLAN however others ... if you have access to the routers/switches, you can see the arp ... machine names are easy and IP is also easy, at least assuming DNS ... DHCP server does DNS too). ...
(comp.lang.ruby)
Re: Any reasons to filter ARP packets?
... hundreds and maybe even thousands machines. ... the network device is open for ARP packets since ... Essentially the goal of this attack is similar, ...
(comp.os.linux.security)
Re: Translate MAC address to IP address
... >> every packet and counts traffic volume by source and destination MAC. ... with a bunch of gateway machines on it. ... results from the local ARP table. ...
(freebsd-net)
Re: scan for machines in the subnet
... the current subnet from one of the machines and get their MAC-adresses. ... Ask the network administrator? ... has intelligence (and you have access to that switch), ... ARP cache, except that the switch should know where everyone is (which ...
(comp.os.linux.networking)
Re: Random packets loss under x86_64 - routing?
... > We experience a problem in our amd64 beowulf clusters and could need ... it fails for some machines. ... It only happens with ping, ... entry from the ARP tables. ...
(Linux-Kernel)