Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1237
Views
0
Helpful
6
Replies

Constant ARP requests

mfisher
Level 1
Level 1

‎02-19-2004 10:58 AM - edited ‎03-02-2019 01:43 PM

Hi,

I have a cisco 4500 with IOS 11.2. Two out of five ethernet interfaces are putting out constant and sequential ARP requests for every address on their subnet. The other three interfaces don't do this. ANy idea what's going on? Thanks.

Labels:
0 Helpful
6 Replies 6

chuck.price
Level 1
Level 1

‎02-19-2004 11:15 AM

Have you checked the timing on when they flush their arp cache?

0 Helpful

mfisher
Level 1
Level 1
In response to chuck.price

‎02-19-2004 11:29 AM

arp timeout is 4 hours, same as the others.

0 Helpful

tbaranski
Level 4
Level 4

‎02-19-2004 03:50 PM

This is commonly the result of hosts on the network being infected with worms which scan the local subnet for other hosts to infect.

0 Helpful

mfisher
Level 1
Level 1
In response to tbaranski

‎02-19-2004 04:43 PM

Yes, I have seen that. According to etherpeek, though, these requests are originating at the router interface, not at any host.

0 Helpful

tbaranski
Level 4
Level 4
In response to mfisher

‎02-19-2004 06:10 PM

It could be a remote host (i.e., on another subnet) scanning the subnets in question then. In this case it's the router itself that would ARP for the destination addresses.

0 Helpful

Prashanth Krishnappa
Cisco Employee
Cisco Employee

‎02-19-2004 05:48 PM

Apply the access-list to check to see if you are hit by blaster virus

http://www.cisco.com/warp/public/707/cisco-sn-20030814-blaster.shtml

0 Helpful
Customers Also Viewed These Support Documents