Router ARP Requests to an offline host...

Unanswered Question
Nov 20th, 2009

How can I find out why my default gateway router (Cisco 857) keeps sending out ARP requests for the MAC address of a host that is offline?


When I sniff packets on the internal LAN, I continue to see these broadcast ARP requests coming from this router, asking for the MAC address of whoever it is that has this particular IP address. It never gets a response back, because there is no such host that is active on our LAN. Yet the ARP requests continue...


Any guideance would be greatly appreciated. Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Fri, 11/20/2009 - 11:00

Peter

Check the config to see if there are references to the IP address that the router is arping out for

Jon

p3t3rt0sh Fri, 11/20/2009 - 11:07

There is nothing in the running-config that is referencing the particular IP address...

p3t3rt0sh Fri, 11/20/2009 - 13:08

I have no recollection of what this host was. It's IP address does not fall under our DHCP scope, so it was staticlly configured, whatever it was.

I'm thinking of configuring a client with this IP address and sniffing the packets to see if I can figure out what kind of traffic the router wants to pass to it.

Richard Burts Sat, 11/21/2009 - 03:44

The symptoms that you describe of the router ARPing for this address repeatedly suggest that something is sending packets to this router for that destination address. There are a couple of ways that you could investigate what this is:

- your suggestion of putting that address on a client and sniffing would work.

- if you have netflow configured on the router you might find the source address and protocol ports in the netflow data.

- you could configure an access list on the router interface with a permit statement for that destination address and the log parameter so that the router will create log messages for the packets which would have identifying information.

HTH

Rick

Actions

This Discussion