Koozali.org: home of the SME Server

Unknown ARP traffic

Lynn

Unknown ARP traffic
« on: August 03, 2002, 01:20:06 AM »
My home E-smith box is configured as a private gateway with no email services, no ftp, no telnet, and no pptp, and I'm seeing the lights on my cable modem flashing constantly.

The activity doesn't occur on the internal LAN at all - it’s coming from the e-smith server to the WAN. It happens when all internal PCs are turned off and the e-smith box is idle, in fact.

According to nettop, the traffic being generated is ARP packets. It's constant, and about 90% of the traffic on my external NIC.

The traffic is a constant 1k and up to 3k bit/second being sent. I've never seen all this traffic being generated before - it seems to have happened after the last Blade update.

It's driving me crazy - what the heck is up with my e-smith firewall?

Nathan Fowler

Re: Unknown ARP traffic
« Reply #1 on: August 03, 2002, 08:00:04 AM »
Lynn, install and run tcpdump; if you can't read the tcpdumps I'll be more than happy to decipher them for you. Email me and we'll figure this out.

Nathan

Charlie Brady

Re: Unknown ARP traffic
« Reply #2 on: August 05, 2002, 08:20:17 PM »
Lynn wrote:

> My home E-smith box is configured as a private gateway with
> no email services, no ftp, no telnet, and no pptp, and I'm
> seeing the lights on my cable modem flashing constantly.
>
> The activity doesn't occur on the internal LAN at all - it’s
> coming from the e-smith server to the WAN.

No, it's (mostly) *from* the WAN. Cable is a shared network, and the traffic you are seeing is broadcast traffic on that network. ARP is used to match IP addresses to (ethernet) hardware addresses. It's other clients on the cable network discovering the hardware address of the ISP's router.

Nothing for you to worry about.

Charlie

Lynn

Re: Unknown ARP traffic
« Reply #3 on: August 05, 2002, 09:27:17 PM »
No, it's not from the WAN - you're just assuming it is.

Nathan Fowler

Re: Unknown ARP traffic
« Reply #4 on: August 05, 2002, 09:32:44 PM »
Lynn, run a tcpdump on that box and isolate the ARP traffic. You can determine the source and why this is happening.
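
Added example, not part of the original thread: one way to settle the "from the box or from the WAN" question is to capture ARP on the external interface with link-level headers (`tcpdump -e -n -i <external-nic> arp`) and tally frames by source hardware address. The sketch below assumes the line format printed by recent tcpdump releases; the capture text, `LOCAL_MAC`, and all addresses are constructed sample values.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -e -n arp` output; every address is made up.
# LOCAL_MAC stands in for the gateway's own external NIC.
LOCAL_MAC = "00:50:56:aa:bb:01"
SAMPLE = """\
21:30:01.100000 00:10:18:de:ad:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.57, length 46
21:30:01.350000 00:10:18:de:ad:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.88, length 46
21:30:02.020000 00:10:18:de:ad:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.57, length 46
21:30:02.400000 00:50:56:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.20, length 28
21:30:02.401000 00:00:5e:00:01:01 > 00:50:56:aa:bb:01, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:00:5e:00:01:01, length 46
21:30:03.900000 00:10:18:de:ad:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.91, length 46
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
LINE = re.compile(
    rf"^\S+ (?P<src>{MAC}) > (?:{MAC}|Broadcast), ethertype ARP \(0x0806\), "
    rf"length \d+: (?:Request who-has (?P<target>\S+) tell [^,\s]+"
    rf"|Reply \S+ is-at {MAC})",
    re.IGNORECASE,
)

def summarize(capture, local_mac):
    """Split ARP frames into those sent by local_mac and those sent by others."""
    local_mac = local_mac.lower()
    senders, targets = Counter(), Counter()
    from_local = from_others = unparsed = 0
    for line in filter(None, (l.strip() for l in capture.splitlines())):
        m = LINE.match(line)
        if not m:
            unparsed += 1          # not an ARP line in the assumed format
            continue
        src = m.group("src").lower()
        senders[src] += 1
        if src == local_mac:
            from_local += 1        # frame really was transmitted by this box
        else:
            from_others += 1       # frame arrived from the shared segment
        if m.group("target"):      # only requests name a who-has target
            targets[m.group("target")] += 1
    return {"from_local": from_local, "from_others": from_others,
            "unparsed": unparsed, "top_senders": senders.most_common(3),
            "top_targets": targets.most_common(3)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, LOCAL_MAC).items():
        print(f"{key}: {value}")
```

A high `from_others` count with one dominant `top_targets` entry matches the pattern of many hosts resolving a single router address; a high `from_local` count means the gateway itself is the one asking.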