Thanks very much for taking the time to respond to my question - I know it was probably a bit off topic for this list but I was a bit stuck trying to find where to ask the question. If you or anyone can point me in the direction of a more suitable list to ask the question then I would be grateful.
Back to the point - the machines that were doing all of the ARP's where not on the dodgy switch and the machines that were being ARP'ed were not on the dodgy switch either - this is why it is a bit of a mystery to me. I know that in at least two cases, one of the ARP'ing machines was repeatedly (hundreds of times in a few seconds) trying to ARP an IP address that did not exist on the network anymore, I am not sure if all of the machines that were ARP'ing were trying to ARP non existent IP's, though (my guess would be not).
It seems to me that an electrical problem with the dodgy switch was causing machines elsewhere on the network to keep ARP'ing repeatedly the same IP address but I have never seen this before and cannot understand why.
Regards
On Thu, 2005-09-08 at 00:23 -0700, Guy Harris wrote:
Gary Mansell wrote:
> It would seem that dodgy network connections in this switch caused by it
> hanging by the UTP cables was causing numerous machines around the
> network to create hundreds of ARP requests every minute or so.
>
> Please can someone explain to me why this was happening.
I can't give an authoritative explanation, but if machines on the
network were trying to contact machines on the switch that was hanging
by its cables, and the ARP entries for that host had timed out, perhaps
the other machines on the network were sending out ARP requests for the
machines on the troublesome switch, failing to get any response, and
trying again.
I wouldn't expect a 3000 packet/second ARP storm for that, however.
(Even 50-70 ARPs per second seems a bit high, although with 1000 hosts
and a 20-second ARP timeout and a uniform distribution of ARP entry
timeouts, I guess you could get 50 ARPs/second.)
What were the IP addresses being ARPed for? Were they addresses for
hosts on that switch? Or were the machines *sending* the ARPs machines
on that switch?
--
Gary Mansell
Technical Computing Team Leader
IT Department
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ricardo UK Direct Line: 01273 794485
Shoreham Technical Centre, Switchboard: 01273 455611
Shoreham By Sea, Facsimile: 01273 794699
West Sussex. Internet: www.ricardo.com
BN43 5FG E-Mail: Gary.Mansell@xxxxxxxxxxx
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
--
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to
whom they are addressed.
If you have received this e-mail in error please notify the sender immediately and delete this e-mail from your system. Please note that any views
or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Ricardo (save for reports and other
documentation formally approved and signed for release to the intended recipient). Only Directors or Duly Authorised Officers are authorised to
enter into legally binding obligations on behalf of Ricardo unless the obligation is contained within a Ricardo Purchase Order.
Ricardo may monitor outgoing and incoming e-mails and other telecommunications on its e-mail and telecommunications systems. By replying to
this e-mail you give consent to such monitoring. The recipient should check e-mail and any attachments for the presence of viruses. Ricardo
accepts no liability for any damage caused by any virus transmitted by this e-mail. "Ricardo" means Ricardo plc and its subsidiary companies.
Ricardo plc is a public limited company registered in England with registered number 00222915.
The registered office of Ricardo plc is Bridge Works,Shoreham-by Sea, West Sussex, BN43 5FG.