Re: [PLUG] Traffic tracking trouble

Carl Johnson on 3 Aug 2011 12:39:49 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Traffic tracking trouble

From: Carl Johnson <cjohnson19791979@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>, PLUG <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Traffic tracking trouble
Date: Wed, 03 Aug 2011 15:39:48 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=references:user-agent:in-reply-to:mime-version:content-type :content-transfer-encoding:subject:from:date:to:message-id; bh=reQe36EEU6UChnAR8FG9TaKsOmVIRwVYdtOXS4ltUM0=; b=I8UeC3wG8zpRvz+xbIcS39zR4TLSD0P8wN0kI3iIxVbLxyqol4UKbHQR3vk2WrA0g5 BjEAkK4KI0K8gevrS1V2Z+m5beG26oqXAydHLP+ht/b8seOB/KpLS9hysc82Tnc76Hvr AbRBIfQwd+VZ2GgSepTTCvTP9RmO9KDVJ3tNs=
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org
User-agent: K-9 Mail for Android

Can't you just console into the router and clear the arp table? Maybe power cycle it?





Sent from my Motorola DynaTAC 8000x

Adam Zion <azion1995@gmail.com> wrote:

>We've had poor performance on the network at my location, and it
>occurred to me that the reason could be a chatty host on the network.
>So, I fired up Wireshark (formerly known as Ethereal, a packet
>sniffer) and took a look.
>
>I found that our AdTran router was blasting out constant ARP
>broadcasts trying to find various equipment which was no longer
>present. One bit was easy to fix: an NTP server which my predecessor
>at this location had removed. I switched my linux box over to the IP
>formerly used by the missing server, and all the ARPs looking for it
>vanished (well, to be more accurate, the AdTran would send an ARP or
>two, get a response, and then shut up).
>
>However, we also found a number of ARPs related to the former IP for
>one specific network printer, and we can't find what PC is out there
>that's trying to connect to the old IP. To my way of thinking, we can
>address this in 3 ways: track down the computer(s) making the requests
>for the old IP, somehow prevent the AdTran from responding to requests
>for said by IP by blasting out ARPs, or just set up a host on the IP
>to respond to the requests.
>
>Is there some sort of tool that can track the host that's looking for
>the old IP, and thereby spawning the ARPs? Bear in mind that this may
>well be a host that's at a remote site, since I've checked every
>system over here that could be looking for it, and not found it.
>
>This may seem minor, but my Wireshark logs find that these ARP
>requests- looking for this single absent IP- make up anywhere from
>10-20% of total network traffic here. So, if we could get rid of them,
>I rather think it would be a big help on performance.
>
>-Z
>
>-- 
>Adam+Zion, MCSE+I, Registered Linux User #471910
>___________________________________________________________________________
>Philadelphia Linux Users Group         --       
>http://www.phillylinux.org
>Announcements -
>http://lists.phillylinux.org/mailman/listinfo/plug-announce
>General Discussion  --  
>http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Traffic tracking trouble
  - From: Adam Zion <azion1995@gmail.com>

Prev by Date: [PLUG] Traffic tracking trouble
Next by Date: Re: [PLUG] Traffic tracking trouble
Previous by thread: [PLUG] Traffic tracking trouble
Next by thread: Re: [PLUG] Traffic tracking trouble
Index(es):
- Date
- Thread