[c-nsp] 7606(SUP32) 12.2(33)SRB2 arp-table problem.
Masood Ahmad Shah
masood at nexlinx.net.pk
Wed Apr 2 10:31:05 EDT 2008
Well, by default Cisco IOS keeps learned ARP entries for 3 hours 59
minutes.
There might be some network scanner (worm or virus) around, scanning your
network all the time.
Regards,
Masood Ahmad Shah
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andrey O.Sokolov
Sent: Monday, March 17, 2008 1:50 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 7606(SUP32) 12.2(33)SRB2 arp-table problem.
Good day!
Cisco7606 with sup32, IOS 12.2(33)SRB2, c7600s3223_rp-ADVIPSERVICESK9-M
There are fifteen VLAN interfaces on this device.
One interface has a /24 netmask.
Three interfaces have a netmask of more than /30.
Two of these interfaces are OSPF interfaces in different areas.
Spontaneously (the interval is from some minutes to some hours) this device
transmits, from two interfaces (one of them an OSPF interface), icmp who-has
requests to ALL devices in the networks.
These interfaces have not changed their link status before this
situation occurs.
Example:
15:22:39.000018 arp who-has XXX.YYY.ZZZ.81 tell XXX.YYY.ZZZ.1
15:22:39.001018 arp who-has XXX.YYY.ZZZ.103 tell XXX.YYY.ZZZ.1
15:22:39.002017 arp who-has XXX.YYY.ZZZ.155 tell XXX.YYY.ZZZ.1
15:22:39.003018 arp who-has XXX.YYY.ZZZ.119 tell XXX.YYY.ZZZ.1
15:22:39.004018 arp who-has XXX.YYY.ZZZ.100 tell XXX.YYY.ZZZ.1
15:22:39.005018 arp who-has XXX.YYY.ZZZ.156 tell XXX.YYY.ZZZ.1
15:22:39.006018 arp who-has XXX.YYY.ZZZ.84 tell XXX.YYY.ZZZ.1
15:22:39.007018 arp who-has XXX.YYY.ZZZ.117 tell XXX.YYY.ZZZ.1
15:22:39.008018 arp who-has XXX.YYY.ZZZ.87 tell XXX.YYY.ZZZ.1
15:22:39.009018 arp who-has XXX.YYY.ZZZ.86 tell XXX.YYY.ZZZ.1
15:22:39.010018 arp who-has XXX.YYY.ZZZ.118 tell XXX.YYY.ZZZ.1
15:22:39.011018 arp who-has XXX.YYY.ZZZ.135 tell XXX.YYY.ZZZ.1
15:22:39.012018 arp who-has XXX.YYY.ZZZ.97 tell XXX.YYY.ZZZ.1
15:22:39.013018 arp who-has XXX.YYY.ZZZ.157 tell XXX.YYY.ZZZ.1
15:22:39.014018 arp who-has XXX.YYY.ZZZ.149 tell XXX.YYY.ZZZ.1
15:22:39.015018 arp who-has XXX.YYY.ZZZ.141 tell XXX.YYY.ZZZ.1
15:22:39.016018 arp who-has XXX.YYY.ZZZ.115 tell XXX.YYY.ZZZ.1
15:22:39.017018 arp who-has XXX.YYY.ZZZ.154 tell XXX.YYY.ZZZ.1
15:22:39.018018 arp who-has XXX.YYY.ZZZ.150 tell XXX.YYY.ZZZ.1
15:22:39.019017 arp who-has XXX.YYY.ZZZ.109 tell XXX.YYY.ZZZ.1
15:22:39.020018 arp who-has XXX.YYY.ZZZ.128 tell XXX.YYY.ZZZ.1
15:22:39.021018 arp who-has XXX.YYY.ZZZ.125 tell XXX.YYY.ZZZ.1
15:22:39.022018 arp who-has XXX.YYY.ZZZ.132 tell XXX.YYY.ZZZ.1
15:22:39.023017 arp who-has XXX.YYY.ZZZ.133 tell XXX.YYY.ZZZ.1
15:22:39.024017 arp who-has XXX.YYY.ZZZ.144 tell XXX.YYY.ZZZ.1
15:22:39.025017 arp who-has XXX.YYY.ZZZ.148 tell XXX.YYY.ZZZ.1
15:22:39.026018 arp who-has XXX.YYY.ZZZ.151 tell XXX.YYY.ZZZ.1
15:22:39.027017 arp who-has XXX.YYY.ZZZ.45 tell XXX.YYY.ZZZ.1
15:22:39.028031 arp who-has XXX.YYY.ZZZ.88 tell XXX.YYY.ZZZ.1
15:22:39.029018 arp who-has XXX.YYY.ZZZ.56 tell XXX.YYY.ZZZ.1
15:22:39.030017 arp who-has XXX.YYY.ZZZ.90 tell XXX.YYY.ZZZ.1
15:22:39.031018 arp who-has XXX.YYY.ZZZ.168 tell XXX.YYY.ZZZ.1
15:22:39.032020 arp who-has XXX.YYY.ZZZ.169 tell XXX.YYY.ZZZ.1
15:22:39.033021 arp who-has XXX.YYY.ZZZ.172 tell XXX.YYY.ZZZ.1
15:22:39.034017 arp who-has XXX.YYY.ZZZ.190 tell XXX.YYY.ZZZ.1
15:22:39.035018 arp who-has XXX.YYY.ZZZ.165 tell XXX.YYY.ZZZ.1
15:22:39.036017 arp who-has XXX.YYY.ZZZ.159 tell XXX.YYY.ZZZ.1
15:22:39.037017 arp who-has XXX.YYY.ZZZ.184 tell XXX.YYY.ZZZ.1
15:22:39.038018 arp who-has XXX.YYY.ZZZ.189 tell XXX.YYY.ZZZ.1
15:22:39.039017 arp who-has XXX.YYY.ZZZ.188 tell XXX.YYY.ZZZ.1
15:22:39.040017 arp who-has XXX.YYY.ZZZ.216 tell XXX.YYY.ZZZ.1
15:22:39.041017 arp who-has XXX.YYY.ZZZ.171 tell XXX.YYY.ZZZ.1
15:22:39.042018 arp who-has XXX.YYY.ZZZ.205 tell XXX.YYY.ZZZ.1
15:22:39.043017 arp who-has XXX.YYY.ZZZ.233 tell XXX.YYY.ZZZ.1
15:22:39.044017 arp who-has XXX.YYY.ZZZ.236 tell XXX.YYY.ZZZ.1
15:22:39.045017 arp who-has XXX.YYY.ZZZ.239 tell XXX.YYY.ZZZ.1
15:22:39.046018 arp who-has XXX.YYY.ZZZ.170 tell XXX.YYY.ZZZ.1
15:22:39.047017 arp who-has XXX.YYY.ZZZ.197 tell XXX.YYY.ZZZ.1
15:22:39.048018 arp who-has XXX.YYY.ZZZ.187 tell XXX.YYY.ZZZ.1
15:22:39.049017 arp who-has XXX.YYY.ZZZ.173 tell XXX.YYY.ZZZ.1
15:22:39.050017 arp who-has XXX.YYY.ZZZ.200 tell XXX.YYY.ZZZ.1
15:22:39.051017 arp who-has XXX.YYY.ZZZ.175 tell XXX.YYY.ZZZ.1
15:22:39.052017 arp who-has XXX.YYY.ZZZ.174 tell XXX.YYY.ZZZ.1
15:22:39.053017 arp who-has XXX.YYY.ZZZ.223 tell XXX.YYY.ZZZ.1
15:22:39.054017 arp who-has XXX.YYY.ZZZ.201 tell XXX.YYY.ZZZ.1
15:22:39.055017 arp who-has XXX.YYY.ZZZ.179 tell XXX.YYY.ZZZ.1
15:22:39.056017 arp who-has XXX.YYY.ZZZ.180 tell XXX.YYY.ZZZ.1
15:22:39.057017 arp who-has XXX.YYY.ZZZ.203 tell XXX.YYY.ZZZ.1
15:22:39.058018 arp who-has XXX.YYY.ZZZ.207 tell XXX.YYY.ZZZ.1
15:22:39.059017 arp who-has XXX.YYY.ZZZ.178 tell XXX.YYY.ZZZ.1
15:22:39.060017 arp who-has XXX.YYY.ZZZ.204 tell XXX.YYY.ZZZ.1
15:22:39.061017 arp who-has XXX.YYY.ZZZ.206 tell XXX.YYY.ZZZ.1
15:22:39.062017 arp who-has XXX.YYY.ZZZ.232 tell XXX.YYY.ZZZ.1
15:22:39.063017 arp who-has XXX.YYY.ZZZ.254 tell XXX.YYY.ZZZ.1
15:22:39.064017 arp who-has XXX.YYY.ZZZ.217 tell XXX.YYY.ZZZ.1
The ages of these ARP entries are different:
Internet XXX.YYY.ZZZ.2 29 0030.4852.e01c ARPA Vlan104
Internet XXX.YYY.ZZZ.3 49 0030.4891.5be2 ARPA Vlan104
Internet XXX.YYY.ZZZ.4 1 0030.4811.0c5a ARPA Vlan104
Internet XXX.YYY.ZZZ.6 208 0030.4871.2fa3 ARPA Vlan104
Internet XXX.YYY.ZZZ.7 59 0030.4881.2d2a ARPA Vlan104
Internet XXX.YYY.ZZZ.8 38 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.9 261 0030.4881.2d2a ARPA Vlan104
Internet XXX.YYY.ZZZ.10 184 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.11 27 0030.4811.0c5a ARPA Vlan104
Internet XXX.YYY.ZZZ.12 90 0030.4881.2d2a ARPA Vlan104
Internet XXX.YYY.ZZZ.14 20 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.16 117 0030.4830.9ab0 ARPA Vlan104
Internet XXX.YYY.ZZZ.17 238 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.18 146 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.19 23 0030.4830.99ac ARPA Vlan104
Internet XXX.YYY.ZZZ.20 126 0030.4830.99b4 ARPA Vlan104
Internet XXX.YYY.ZZZ.23 131 0030.4830.99ac ARPA Vlan104
Internet XXX.YYY.ZZZ.24 2 0030.4811.0c5a ARPA Vlan104
Internet XXX.YYY.ZZZ.25 9 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.27 1 000e.a676.ff69 ARPA Vlan104
Internet XXX.YYY.ZZZ.28 12 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.49 203 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.50 13 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.51 30 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.53 38 0030.4872.8ba4 ARPA Vlan104
Internet XXX.YYY.ZZZ.54 29 0030.4811.0c5a ARPA Vlan104
Internet XXX.YYY.ZZZ.59 7 0030.482a.ecc3 ARPA Vlan104
Internet XXX.YYY.ZZZ.65 173 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.66 108 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.67 13 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.68 241 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.69 155 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.129 167 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.130 199 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.131 103 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.145 78 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.146 30 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.147 91 0030.4852.298d ARPA Vlan104
Internet XXX.YYY.ZZZ.161 193 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.193 8 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.194 243 0030.4852.2a4c ARPA Vlan104
Internet XXX.YYY.ZZZ.195 46 0030.4852.2a4c ARPA Vlan104
What is this?
arp-spoofing?
bug in IOS?
Trouble in the architecture of my network?
--
_______________________________________________________________
WBR,
***AOS224-RIPE*** mailto:arctic at alkar.net
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
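
Added example, not part of the original thread: a triage script for the two outputs quoted above. It measures how many distinct targets each sender ARPs for within a short window in tcpdump text, and lists hardware addresses that hold several entries in "show ip arp" output, which can be multi-addressed hosts, proxy ARP or spoofing. The function names, the thresholds and the sample data (documentation addresses) are assumptions made for this example.

```python
import re
from collections import defaultdict

# Line shape from the capture above: "HH:MM:SS.ffffff arp who-has <target> tell <sender>"
WHO_HAS = re.compile(r"^(\d+):(\d+):(\d+\.\d+) arp who-has (\S+) tell (\S+)")
def arp_sweeps(lines, window=1.0, min_targets=5):
    """Map sender -> most distinct targets it queried within `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        m = WHO_HAS.match(line.strip())
        if m:
            h, mi, s, target, sender = m.groups()
            events[sender].append((int(h) * 3600 + int(mi) * 60 + float(s), target))
    result = {}
    for sender, ev in events.items():
        ev.sort()  # timestamps within one day; midnight wrap is not handled
        best = start = 0
        for end in range(len(ev)):
            while ev[end][0] - ev[start][0] > window:
                start += 1  # slide the window start forward
            best = max(best, len({t for _, t in ev[start:end + 1]}))
        if best >= min_targets:  # threshold is an assumed triage value
            result[sender] = best
    return result

def shared_macs(rows, min_ips=2):
    """Map MAC -> IPs for hardware addresses that hold min_ips or more entries."""
    by_mac = defaultdict(list)
    for row in rows:
        parts = row.split()  # Protocol Address Age Hardware-Addr Type Interface
        if len(parts) >= 6 and parts[0] == "Internet":
            by_mac[parts[3]].append(parts[1])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) >= min_ips}

# Constructed sample input (documentation addresses, not data from the thread)
SAMPLE_CAPTURE = """\
15:22:39.000018 arp who-has 192.0.2.81 tell 192.0.2.1
15:22:39.001018 arp who-has 192.0.2.103 tell 192.0.2.1
15:22:39.002017 arp who-has 192.0.2.155 tell 192.0.2.1
15:22:39.003018 arp who-has 192.0.2.119 tell 192.0.2.1
15:22:39.004018 arp who-has 192.0.2.100 tell 192.0.2.1
15:22:41.500000 arp who-has 192.0.2.1 tell 192.0.2.27
"""
SAMPLE_ARP = """\
Internet 192.0.2.8 38 0000.5e00.5301 ARPA Vlan104
Internet 192.0.2.10 184 0000.5e00.5301 ARPA Vlan104
Internet 192.0.2.27 1 0000.5e00.5302 ARPA Vlan104
"""
print(arp_sweeps(SAMPLE_CAPTURE.splitlines()), shared_macs(SAMPLE_ARP.splitlines()))
```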