Before i start, i need to say that i'm a new Wireshark User that just started using it for two days. However, i already watched some video online explaining how it works. Anyway, i don't know if this is common or not, but every time i capture my Wireless Network, i almost see 100 + line containing " Gratious ARP for 192.168.1.2 (Request) " at the info tab every time i capture. The problem is, our DHCP Start IP Address is above 40 (192.168.1.40 <- ) so what i want to know is ;
This is the link for my modem and the capture file showing the ARP problem NB : My IP Address in this capture file are 198.168.1.50 Thanks asked 16 Sep '15, 02:05  Opang edited 16 Sep '15, 03:48 |
One Answer:
answered 16 Sep '15, 03:50  Roland |
Note that as @Roland mentions there are duplicate IP addresses found in the capture, two systems fighting over 192.168.1.2 (with MAC addresses c0:bd:d1:77:79:c4, 10:fe:ed:bb:84:53) and two fighting over 192.168.1.254 (f8:1a:67:3b:8e:a0 and 4c:5e:0c:f9:f3:9f).
You can try to look up the manufacturer of the MAC addresses to give you some indication of which device it is in Wireshark by enabling "Resolve MAC addresses" in Preferences | Name Resolution, or at http://www.macvendorlookup.com/
@Roland : So that means there's a device manufactured by Samsung that keep telling people on our network he has that IP ? Well, if it's not disturbing our network traffic, i guess it's fine for now. Does this means we just have to find that device and then turn off it's wi-fi connection to solve the problem (multiple arp request showing up in the Wireshark) ?
@grahamb Thanks for the MAC list. Based on the MAC, two of them belonged to TP-Link, which is our wifi devices. Is it possible / common for wifi devices to have multiple MAC ?
It's possible but not all that usual. Regardless of that the fact that 2 different MAC addresses are claiming the same IP is bad and should be fixed.
@Opang The amount of gratuitous arps the Samsung is sending is not normal. I would check why it's doing that.