Switch doing port scanning?

Unanswered Question
Aug 12th, 2008

I am seeing allot of ARP requests that looking like the switch is scanning our network and incrementing by one....like something has a virus. Here is what I am seeing in the switch....

Aug 12 19:12:54: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.176 0000.0000.0000 Vlan10

Aug 12 19:12:55: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.195 0000.0000.0000 Vlan10

Aug 12 19:12:56: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.196 0000.0000.0000 Vlan10

Aug 12 19:12:56: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.168 0000.0000.0000 Vlan10

10.0.0.254 is our switch

this started at 10.0.0.0 and is now up to 10.0.65.X

How can I find out what is doing this?

Mike

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Farrukh Haroon Tue, 08/12/2008 - 18:42

This seems like a loop on your switch. Disconnect or shutdown all ports, do "clear arp". Verify Spanning tree settings. Is it enabled on all ports? Is there is portfast enabled port?

Which Switch and Version?

Regards

Farrukh

burleyman Wed, 08/13/2008 - 04:48

We found it...it was a misconfigured subnet mask. Thanks for your help.

Mike

Actions

This Discussion