Ethereal-users: Re: [Ethereal-users] Why was I getting "ARP storms" on my network....

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 08 Sep 2005 00:23:08 -0700
Gary Mansell wrote:


It would seem that dodgy network connections in this switch caused by it
hanging by the UTP cables was causing numerous machines around the
network to create hundreds of ARP requests every minute or so.

Please can someone explain to me why this was happening.
I can't give an authoritative explanation, but if machines on the network were trying to contact machines on the switch that was hanging by its cables, and the ARP entries for that host had timed out, perhaps the other machines on the network were sending out ARP requests for the machines on the troublesome switch, failing to get any response, and trying again.
I wouldn't expect a 3000 packet/second ARP storm for that, however. (Even 50-70 ARPs per second seems a bit high, although with 1000 hosts and a 20-second ARP timeout and a uniform distribution of ARP entry timeouts, I guess you could get 50 ARPs/second.)
What were the IP addresses being ARPed for? Were they addresses for hosts on that switch? Or were the machines *sending* the ARPs machines on that switch?