I was studying protocol analyzes and noted several arp requests
Is that supposed to mean a broadcast storm, right? When I check these hosts to see your arp table, it doesn't need to make these requests, because your table already has the information. Why do it happen? How can I verify what software in these host are doing that? asked 11 Nov '16, 09:07  ThiagoM |
One Answer:
I did not properly count the amount of ARP packets in your picture, but it looks like ~40 in 43 sec. This is not a broadcast storm. With a broadcast storm you would see the same ARP packet about 500-10000 times a second depending on your infrastructure. This is caused by a switching loop. These are normal ARP packets. Every system on the network will time out ARP entries and will send a new ARP request for a flushed entry when it needs to communicate to that particular host again. This usually happens every couple of minutes till up to 240 minutes (cisco routers). answered 11 Nov '16, 09:35  SYN-bit ♦♦ showing 5 of 6 show 1 more comments |
hi, current 75485 arp packets, if I check a 'conversation' I see my mac requesting to gateway (192.168.10.1) 43M | 66.622 packets. kinda scary I've never seen this before
Less than one min, 3 addresses are sending a new ARP requests, and these hosts has something in common, they're running windows
Does your system get ARP responses back? And which OS is it running?
what I've just observed running wireshark in one these host is a follow several reply in less than one min: 192.168.10.93 is at xx:xx:xx:xx:xx:xx..
This is a question that is realted to your topic: https://ask.wireshark.org/questions/57174/seeing-lots-of-arp-requests-even-though-the-hosts-have-the-mac-address-in-their-arp-cache-already?page=1&focusedAnswerId=57179#57179
Thank you everybody :-)