02-12-2008, 04:36 AM   #1
mputin


ARP broadcasts sent but no responses

Hi

I'm looking after a network of about 80 computers and have been having ARP issues on the net.

Network setup as follows:
Linux server operating as proxy (squid), DHCP and DNS server
Numerous client computers running various OSes including Vista, XP, Mac OS and Linux
IP network is 192.168.1.0/24 although the DHCP service is set up to allocate in the range 192.168.1.100 - 192.168.1.254
The external interface is running fine and is not related to the issue at hand.
Various COTS switches and routers (working as switches hopefully)

Previously this network was working fine, however in the past few days we have been having issues that are progressively getting worse.

Basically what is happening is as a computer tries to communicate with a local computer that does not already have an entry in its ARP cache, it is unable to find that computer. I've had a network sniffer out on the network and I can see the ARP request being broadcast, however it looks like no computer replies. I can statically enter the IP/MAC and it works fine but that's not really an option on this network for everyone. The other issue which I believe is feeding off this is if a new computer comes onto the network and asks for an IP address, the DHCP server does not respond, unless once again the DHCP server is statically put in.

The client PCs are controlled by the users (there is no SOE as it is very much ad hoc in nature) and as you can tell are a variety of flavours which leads me to believe that it is not some bug with any particular OS. I've reset network adapters, cleared ARP caches, reset the IP stack with no difference (not that I would expect any of that to work as it is a network wide issue).

I have a couple of theories I'd like to bounce around:
1) One of the routers that is meant to be operating as a switch may be misconfigured and is somehow poisoning all the ARP entries. The problem with this is they are generally very basic in terms of configuration options and I can't really see any of them playing with the settings anyway.
2) Virus could be DoS'ing me using some sort of ARP poisoning. If so, any ideas what sort of traffic I should be looking for to try and track down the offending host?
3) The Linux server is at the core and may be doing something funky... I dunno what though and it has been working fine for a very long time.

Any ideas would be greatly appreciated.......
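An added example, not part of the original post: one way to look for the traffic asked about in theory 2, by summarising captured ARP payloads into requests that never got a reply, IP addresses claimed by more than one MAC, and MACs that claim many IPs. The function names, the `many_ips` threshold and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_HDR = struct.pack("!HHBB", 1, 0x0800, 6, 4)  # Ethernet, IPv4, hlen 6, plen 4
ARP_BODY = "!H6s4s6s4s"                           # op, sender MAC/IP, target MAC/IP

def build_arp(op, smac, sip, tip, tmac="00:00:00:00:00:00"):
    """Pack a constructed ARP payload; only used to make the sample capture."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return ARP_HDR + struct.pack(ARP_BODY, op, mac(smac), socket.inet_aton(sip),
                                 mac(tmac), socket.inet_aton(tip))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28 or payload[:6] != ARP_HDR:
        return None
    op, sha, spa, _tha, tpa = struct.unpack(ARP_BODY, payload[6:28])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def analyze(payloads, many_ips=3):
    """Summarise ARP traffic: unanswered targets, IPs with >1 MAC, MACs with many IPs."""
    asked, answered = set(), set()
    ip_macs, mac_ips = defaultdict(set), defaultdict(set)
    for op, smac, sip, tip in filter(None, map(parse_arp, payloads)):
        if op == 1 and sip != tip:   # who-has request (sip == tip is gratuitous ARP)
            asked.add(tip)
        elif op == 2:                # is-at reply
            answered.add(sip)
        if sip != "0.0.0.0":         # ARP probes carry no sender IP
            ip_macs[sip].add(smac)
            mac_ips[smac].add(sip)
    return {
        "unanswered": sorted(asked - answered),
        "ip_conflicts": {ip: sorted(m) for ip, m in ip_macs.items() if len(m) > 1},
        "busy_macs": {m: sorted(i) for m, i in mac_ips.items() if len(i) >= many_ips},
    }

SAMPLE = [  # constructed capture on 192.168.1.0/24; all MACs are made up
    build_arp(1, "00:11:22:33:44:10", "192.168.1.110", "192.168.1.120"),  # no reply
    build_arp(1, "00:11:22:33:44:10", "192.168.1.110", "192.168.1.1"),
    build_arp(2, "00:11:22:33:44:01", "192.168.1.1", "192.168.1.110"),
    build_arp(2, "00:11:22:33:44:66", "192.168.1.1", "192.168.1.110"),    # 2nd MAC for .1
    build_arp(2, "00:11:22:33:44:66", "192.168.1.130", "192.168.1.110"),
    build_arp(2, "00:11:22:33:44:66", "192.168.1.140", "192.168.1.110"),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

ARP replies are unicast, so a sniffer on an ordinary switch port only sees replies addressed to itself; "unanswered" is only meaningful for a capture taken on the requesting host or on a mirrored port.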