From: Nick Drage <nickd@funkyjesus.org>
To: netfilter@lists.netfilter.org
Subject: Re: Too many ARP entries and Re: sendto: No buffer space available
Date: Tue, 3 Dec 2002 13:27:58 +0000 [thread overview]
Message-ID: <20021203132758.I14289@funkyjesus.org> (raw)
In-Reply-To: <1038920934.8888.4.camel@elendil.intranet.cartel-securite.net>; from blancher@cartel-securite.fr on Tue, Dec 03, 2002 at 02:08:54PM +0100
On Tue, Dec 03, 2002 at 02:08:54PM +0100, Cedric Blancher wrote:
> Le lun 02/12/2002 à 21:28, andre.correa@pobox.com a écrit :
> > But there is still a question for me. Looking at my arp table, I
> > see that there are =~ 150 entries, seconds passing and more entries
> > coming, 20 seconds after I can have =~1100, it goes on until it reachs
> > =~2200 entries, then it goes back to the =~100 and starts over again.
>
> Wierd...
Weird, certainly... haven't seen anything like this before.
<snip>
> It is not normal. You should monitor ARP traffic on your network using
> arpwatch (see Freshmeat, available as .deb, .rpm too) to see if someone
> would be playing ARP cache poisoning (see http://www.arp-sk.org/).
I haven't looked at arpwatch recetly, but presumably that will just scream
blue bloody murder.
What does
tcpdump -npevvvi <<interface>> arp
look like?
The original paragraph of:
> > I have less then 50 NAT users. Is it normal to have some many ARP
> > entries with this variation? Looking the ARP table I see my "Internet"
> > interface with lots of entries, with internet host IP addresses and my
> > gateway's NIC MAC address.
Isn't quite as clear as required. Andre, any chance you could cut and paste
a few examples, so we can try to understand the symptoms a bit better?
--
FunkyJesus System Administration Team
next prev parent reply other threads:[~2002-12-03 13:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-02 13:16 sendto: No buffer space available andre.correa
2002-12-02 14:33 ` Bob Keyes
2002-12-02 14:46 ` Re[2]: " andre.correa
2002-12-02 20:28 ` Too many ARP entries and " andre.correa
2002-12-03 13:08 ` Cedric Blancher
2002-12-03 13:27 ` Nick Drage [this message]
2002-12-03 14:27 ` Re[2]: " andre.correa
2002-12-03 17:54 ` Nick Drage
2002-12-04 3:09 ` Paul Frieden
2002-12-04 15:23 ` Ard van Breemen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021203132758.I14289@funkyjesus.org \
--to=nickd@funkyjesus.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox