Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 11 Jul 2007 22:01:57 +0000
If you look at the ARP packets, they all come from the MAC address of your upstream router. I would be surprised if you can actually see any traffic originating from any of the other hosts connected to your segment, since cable usually uses two different modulated channels, one downstream frequency and a different upstream frequency. The cable modem can only send on the upstream frequency and only receive on the downstream frequency. Thus you cannot capture what others are sending.

I am not sure the amount of ARP packets is an issue. In my experience it is common that the cable upstream routers do send these massive amounts of ARP packets. It's just what they do or what their default config is.

On 7/11/07, IchBin <weconsultants@xxxxxxxxx> wrote:
IchBin wrote:
> Hello all, this is my first post here. I am not a network person and
> this is why I am posting here. Wireshark is running without any problems
> but having a hard time understanding why I am being bombarded with ARP
> packets.
>
> The end of last week I started to be bombarded with ARP packets. I have
> a Comcast Internet Cable connection. I have a slow 3.5MB/sec connection.
> I'm supposed to get up to 6mb/sec, but that is another story by itself.
>
> I am running on Windows XP SP2 and current on all updates. The cable
> light on my modem, for displaying traffic, is just about solidly lit as
> if downloading a large file all the time. I traced about 10 seconds with
> Wireshark and found that three fourths of the traffic are ARP packets.
>
> My concern is the bandwidth that it must be eating up. I initially
> thought that it was a hardware problem on Comcast's network. I called
> them and they checked my connection and said all is OK. They did not see
> this traffic. On my PC the funny thing is that if I sign in to another
> Windows XP SP admin user the cable modem light acts normal again and I
> do not see the ARP traffic.
>
> Can anyone give me some insight or directions on resolving this
> problem? It has to be a problem. I have never seen traffic like this on
> any modem I have ever used. Is this the provider's problem or my problem
> that I could resolve?
>
> I have attached a 10 trace dump to this message. Here is some of my
> Network connection information:
>
> Physical Address: 00-00-88-24-2B-BA
> IP Address: 69.139.93.171
> Subnet Mask: 255.255.255.0
> Default Gateway: 69.139.93.1
> DHCP Server: 68.87.64.10
> DNS Servers: 68.87.64.146, 68.87.75.194

Sorry, the Wireshark dump I initially attached was older and will not match my network connection information. I am attaching a current dump.

--
Thanks in Advance... http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
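
One way to check, on a saved capture, the two observations made in this thread (what share of the frames are ARP, and which MAC address they come from). This is an added example, not part of the original posts; the capture bytes, MAC addresses and IP addresses in it are constructed, and it assumes a classic (non-pcapng) Ethernet capture file.

```python
import struct
from collections import Counter

ETH_ARP = 0x0806  # EtherType for ARP

def arp_senders(pcap: bytes):
    """Return (total_frames, Counter of ARP sender MAC -> count) for a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the writer
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off, total, senders = 24, 0, Counter()
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]  # captured length
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        total += 1
        # Ethernet header is 14 bytes; the ARP sender hardware address is bytes 22..27
        if len(frame) >= 42 and struct.unpack("!H", frame[12:14])[0] == ETH_ARP:
            senders[frame[22:28].hex(":")] += 1
    return total, senders

def _arp_request(sha: bytes, spa: bytes, tpa: bytes) -> bytes:
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\x00" * 6 + tpa
    return eth + arp

def sample_capture() -> bytes:
    """Constructed capture: 6 ARP requests from one made-up router MAC, 2 IPv4 frames."""
    router = bytes.fromhex("020000000001")      # constructed, locally administered MAC
    gw = bytes([192, 0, 2, 1])                  # documentation address range
    frames = [_arp_request(router, gw, bytes([192, 0, 2, 10 + i])) for i in range(6)]
    other = b"\xff" * 6 + bytes.fromhex("020000000002") + b"\x08\x00" + b"\x00" * 46
    frames += [other, other]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    total, senders = arp_senders(sample_capture())
    print(f"{sum(senders.values())}/{total} frames are ARP")
    for mac, n in senders.most_common():
        print(f"  {mac}  {n}")
```

A single sender MAC that matches the default gateway's address points to router-originated ARP requests, as described in the reply above.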