Switch doing port scanning?

Unanswered Question
Aug 12th, 2008
User Badges:
  • Blue, 1500 points or more

I am seeing allot of ARP requests that looking like the switch is scanning our network and incrementing by one....like something has a virus. Here is what I am seeing in the switch....

Aug 12 19:12:54: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.176 0000.0000.0000 Vlan10

Aug 12 19:12:55: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.195 0000.0000.0000 Vlan10

Aug 12 19:12:56: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.196 0000.0000.0000 Vlan10

Aug 12 19:12:56: IP ARP: sent req src 10.0.0.254 0021.1b83.0000,

dst 10.0.61.168 0000.0000.0000 Vlan10


10.0.0.254 is our switch



this started at 10.0.0.0 and is now up to 10.0.65.X


How can I find out what is doing this?


Mike



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Farrukh Haroon Tue, 08/12/2008 - 18:42
User Badges:
  • Red, 2250 points or more

This seems like a loop on your switch. Disconnect or shutdown all ports, do "clear arp". Verify Spanning tree settings. Is it enabled on all ports? Is there is portfast enabled port?


Which Switch and Version?


Regards


Farrukh

burleyman Wed, 08/13/2008 - 04:48
User Badges:
  • Blue, 1500 points or more

We found it...it was a misconfigured subnet mask. Thanks for your help.


Mike

Actions

This Discussion