Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
2
Replies

Problem with ARP table

dian.it
Level 1
Level 1

‎08-11-2003 03:24 PM - edited ‎03-02-2019 09:30 AM

Hi,

I have a Cisco 3640 series router with a one ethernet 10MBps interface and two Serial interfaces. When I see my ARP table with command show arp i see too much ip addresses of my network that arent in use an router mark this as incomplete, has any way that i can block this ... Thanks..

H.O.

Labels:
0 Helpful
2 Replies 2

prafuljaded
Level 3
Level 3

‎08-11-2003 03:43 PM

You can clear arp entries using " clear arp" and check whether you still find incomplete entries.

0 Helpful

rjackson
Level 5
Level 5
In response to prafuljaded

‎08-12-2003 06:19 AM

That volume of incompletes indicates someone is scanning the network; pinging through the address range looking for hosts. This is common when you are setting up a network mapping tool. It pings through the address space then goes back to each host that answers and trys to get more info with snmp. The incomplete arp entries will age out in a couple of minutes but if the network dept is not doing the scan you should find and stop the culprit. They are gathering information about your network. Possibly its innocent, or the beginning of an attack.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents