Hello everyone,

So from my understanding ARP should broadcast, then tables should be updated, and then until an arp table timeout there should be no more need for constant ARP request from say the router to the same host.

When I run wireshark I notice non-broadcast constant arp traffic from my router to my computer. Maybe 20 request in 10 minutes. Its from the router MAC directly to the computers MAC. Why could this be?

Link to Wireshark photo and home network map:

https://imgur.com/a/04eNw3v

  • AdrianTeri@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    u/browsing_soup as discussed earlier on your 2 router setup this is how one part of the problem(ARP …other is IP) start to arise.

  • Cohnman18@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You guys are way over my head in networking, but I truly enjoyed your “chatter” and learned a lot about the nuances of networking. THANK YOU!

    • RemarkableRough4438@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Hi Im going through it now

      i see “Unicast Poll – Actively poll the remote host by
      periodically sending a point-to-point ARP Request
      to it, and delete the entry if no ARP Reply is
      received from N successive polls. Again, the
      timeout should be on the order of a minute, and
      typically N is 2.”

      im assuming this is what you are referring to. I didn’t know this was a thing or common. Why do we have an arp table if we do uni-cast polls as well?

    • RemarkableRough4438@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      also seems odd the .252 doesnt ever seem to respond to the .1 I just looked through the picture again, and im not seeing it respond

  • stikko@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    It’s effectively a host-firewall-proof ping mechanism to see if something is still on the network. AWS does something similar with their guest OS reachability checks. Even if your system is blocking all inbound traffic it still has to respond to ARP requests for IP networking to basically work.