Ask Your Question
0

Getting a lot of Who has 10.0.30.30? Tell 10.0.30.1

asked 2020-02-17 16:59:48 +0000

samwifgac gravatar image

30.30 is the first IP in a DHCP scope but nothing has this address (at least, nothing has this address any longer). How can I get stuff to stop looking for it?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-02-17 17:15:30 +0000

grahamb gravatar image

This is an ARP request. Some process on 10.0.30.1 is looking for the MAC address of 10.0.30.30, likely because it wants to send some traffic on it.

10.0.30.1 seems likely to be a gateway device (by the .1 IP) so does it have a static route or forwarding rule for the .30 IP?

edit flag offensive delete link more

Comments

30.1 is the gateway. static route 10.0.30.0 for vlan 30. The arp table doesn't show a 30.30 ip, though.

samwifgac gravatar imagesamwifgac ( 2020-02-17 17:27:35 +0000 )edit

Can you capture traffic coming into 10.0.30.1 on its other interfaces, either by running a sniffer on the gateway or by using a tap of some sort? Perhaps some host on a network other than the one on which you saw the ARP requests is sending a packet to the gateway to be forwarded to 10.0.30.30.

Guy Harris gravatar imageGuy Harris ( 2020-02-17 17:46:16 +0000 )edit

new to wireshark so I'm not certain. If its possible from within Wireshark, I'd need a little push in the right direction.

samwifgac gravatar imagesamwifgac ( 2020-02-17 20:22:20 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-02-17 16:59:48 +0000

Seen: 683 times

Last updated: Feb 17 '20