[TriLUG] RoadRunner issue - arp flood?
James Manning
jmm at sublogic.com
Mon Dec 23 18:55:54 EST 2002
Not sure what rr.com official help is gonna say since it's not causing
actual loss of connection yet, but over the last few days my cable
modem's activity light has been *on*. Today I finally ran its
ethernet cable directly to my debian box instead of the linksys router
to tcpdump to see what's up, and it's a flood of arp traffic from
primarily one machine. The machine's IP (24.74.136.1) makes me think
it's a router box for RR, so maybe it's just something they broke
mistakenly.
Anyone hazard a guess as to what might be broken? Or how to fix it? :)
debian:~# tcpdump -n -c 1000|grep arp|awk '{print $6}'|sort|uniq -c|sort -n
eth0: Promiscuous mode enabled.
tcpdump: listening on eth0
8 24.136.132.65
31 10.41.96.1
34 24.136.140.1
68 24.162.244.1
108 24.136.253.129
203 24.25.4.1
328 24.74.136.1
debian:~# bc -lq
328+203+108+68+34+31+8
780
So 78% of those packets were arp packets, with those 2 (router?)
machines dominating it. Ugh.
Help my poor cable modem! :)
James
--
James Manning <http://www.sublogic.com/james/>
GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4
More information about the TriLUG
mailing list