seeing only ARP traffic ...

seeing only ARP traffic ...

Post by lbrt chx _ gemale ko » Wed, 01 Jun 2011 21:17:13



~
 this question relates more to networking than to the Linux OS, but I may be able to troubleshoot (or somehow probe) these issues using Linux.
~
 One day I noticed that I only saw ARP traffic from my modem. My ISP (leasing lines from Verizon) keeps telling me that they don't know what I am talking about that if I run tcpdump/wireshark right on the modem, I should see all traffic in the network, not just ARP traffic and the traffic from/to my address.
~
 Why would that be?
~
 Thank you
 lbrtchx
 
 
 

seeing only ARP traffic ...

Post by Chris Davie » Wed, 01 Jun 2011 22:57:39



> this question relates more to networking than to the Linux OS, but I
> may be able to troubleshoot (or somehow probe) these issues using Linux.
> One day I noticed that I only saw ARP traffic from my modem. My ISP
> (leasing lines from Verizon) keeps telling me that they don't know what
> I am talking about that if I run tcpdump/wireshark right on the modem,
> I should see all traffic in the network, not just ARP traffic and the
> traffic from/to my address.
> Why would that be?

1. Is your modem the endpoint for your PPP connection? Or is it just a
device for translating between ethernet and cable, with the PPP connection
being terminated on your local Linux/Windows box?

Put it another way, do you run a PPP client on your Linux/Windows box?

2. When you ran tcpdump/wireshark on your modem, were you watching an
active interface?

Chris

 
 
 

seeing only ARP traffic ...

Post by David Schwart » Fri, 03 Jun 2011 04:57:24



Quote:> ?this question relates more to networking than to the Linux OS, but I may be able to troubleshoot (or somehow probe) these issues using Linux.
> ?One day I noticed that I only saw ARP traffic from my modem. My ISP (leasing lines from Verizon) keeps telling me that they don't know what I am talking about that if I run tcpdump/wireshark right on the modem, I should see all traffic in the network, not just ARP traffic and the traffic from/to my address.
> ?Why would that be?

Likely you were looking at a switch port, so you saw only broadcast
traffic or traffic whose destination was unknown to the switch. Many
devices often described as "modems" or "routers" actually contain much
more functionality than their name would suggest and they may also
contain switches.

DS

 
 
 

1. Seeing an ARP Causes an ARP Request?

        We have three Linux systems on our network, but no Linux
administrator at the moment.  We're seeing unusual behavior by these
three systems:  whenever an ARP request shows up on the wire (say
system A looking for the owner of IP address B) the three Linux
systems then immediately generate arp requests for system A.  This
effectively quadruples ARP broadcasts on the net, and for no gain that
I can see.  Is there any way to turn off this behavior?
        In addition, one of the three Linux systems appears to have a
very short arp timeout -- at least it generates at precise 1 minute
intervals a flurry of ARP requests.  Is the arp timeout configurable?

        Thanks in advance for any assistance you can provide!
Eric Ross                               Colorado College

(719) 389-6452                          Colorado Springs, Colorado  80903
       --- Delete nospam from my return address before replying ---

2. Dac960 RAID and 2nd Adaptec controller problem.

3. arp replies not seen, ping's don't echo

4. Redirection based on URL

5. (Q) constant traffic as seen by tcpdump

6. Printing on EtherTalk Apple printer

7. Massive ARP Traffic

8. Announcing...

9. ntop not seeing any traffic

10. tcpdump only sees traffic one-way. Why?

11. Excess DNS traffic (arp who-has) - please help

12. Firewall Seeing Port 137, 138 UDP Traffic

13. Residual arp traffic ! ;D