Getting a lot of Who has 10.0.30.30? Tell 10.0.30.1

retag add tags

30.30 is the first IP in a DHCP scope but nothing has this address (at least, nothing has this address any longer). How can I get stuff to stop looking for it?

This is an ARP request. Some process on 10.0.30.1 is looking for the MAC address of 10.0.30.30, likely because it wants to send some traffic on it.

10.0.30.1 seems likely to be a gateway device (by the .1 IP) so does it have a static route or forwarding rule for the .30 IP?

23.8k

grahamb

answered 2020-02-17 17:15:30 +0000

edit flag offensive 0 remove flag delete link

Comments

30.1 is the gateway. static route 10.0.30.0 for vlan 30. The arp table doesn't show a 30.30 ip, though.

samwifgac (2020-02-17 17:27:35 +0000) edit

Can you capture traffic coming into 10.0.30.1 on its other interfaces, either by running a sniffer on the gateway or by using a tap of some sort? Perhaps some host on a network other than the one on which you saw the ARP requests is sending a packet to the gateway to be forwarded to 10.0.30.30.

Guy Harris (2020-02-17 17:46:16 +0000) edit

new to wireshark so I'm not certain. If its possible from within Wireshark, I'd need a little push in the right direction.

samwifgac (2020-02-17 20:22:20 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Getting a lot of Who has 10.0.30.30? Tell 10.0.30.1 edit

Comments

1 Answer

Comments