Hello everyone,
So from my understanding, ARP should broadcast, then tables should be updated, and then until an ARP table timeout there should be no more need for constant ARP requests from, say, the router to the same host.
When I run Wireshark I notice constant non-broadcast ARP traffic from my router to my computer. Maybe 20 requests in 10 minutes. It's from the router's MAC directly to the computer's MAC. Why could this be?
Link to Wireshark photo and home network map:
Hi, I'm going through it now.
I see “Unicast Poll – Actively poll the remote host by periodically sending a point-to-point ARP Request to it, and delete the entry if no ARP Reply is received from N successive polls. Again, the timeout should be on the order of a minute, and typically N is 2.”
I'm assuming this is what you are referring to. I didn't know this was a thing or common. Why do we have an ARP table if we do unicast polls as well?
It also seems odd that the .252 doesn't ever seem to respond to the .1. I just looked through the picture again, and I'm not seeing it respond.
It’s effectively a host-firewall-proof ping mechanism to see if something is still on the network. AWS does something similar with their guest OS reachability checks. Even if your system is blocking all inbound traffic it still has to respond to ARP requests for IP networking to basically work.
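Added example, not part of the original thread: a small Python parser that separates broadcast ARP requests from the unicast polls quoted above and reports any poller/target pair with N = 2 polls in a row left unanswered, which is the situation one commenter describes for .252. The MAC addresses, the 192.168.1.x prefix and the frames are constructed sample data, and the function names are hypothetical.

```python
import struct

BROADCAST = b"\xff" * 6
N = 2  # successive unanswered polls before the entry is deleted (value from the quoted text)
ARP_IPV4_ETH = b"\x08\x06" + struct.pack("!HHBB", 1, 0x0800, 6, 4)  # EtherType + fixed ARP fields

def build_arp(eth_dst, sha, op, spa, tha, tpa):
    """Build an Ethernet II + ARP frame; used only to construct sample input."""
    return eth_dst + sha + ARP_IPV4_ETH + struct.pack("!H", op) + sha + spa + tha + tpa

def parse_arp(frame):
    """Return (eth_dst, op, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:20] != ARP_IPV4_ETH:
        return None
    (op,) = struct.unpack("!H", frame[20:22])
    return frame[0:6], op, frame[28:32], frame[38:42]

def analyze(frames):
    """Count request types and return (poller, target) pairs with N unanswered polls in a row."""
    stats = {"broadcast": 0, "unicast_poll": 0, "reply": 0}
    unanswered = {}  # (poller_ip, target_ip) -> consecutive unicast polls without a reply
    for eth_dst, op, spa, tpa in filter(None, map(parse_arp, frames)):
        if op == 1 and eth_dst == BROADCAST:
            stats["broadcast"] += 1          # classic who-has, sent to everyone
        elif op == 1:
            stats["unicast_poll"] += 1       # request addressed to one MAC: a cache refresh poll
            unanswered[(spa, tpa)] = unanswered.get((spa, tpa), 0) + 1
        elif op == 2:
            stats["reply"] += 1
            unanswered[(tpa, spa)] = 0       # a reply from the target resets the poller's count
    stale = {pair for pair, count in unanswered.items() if count >= N}
    return stats, stale

# Constructed sample capture: addresses and MACs are made up for illustration.
ROUTER_MAC, PC_MAC, SILENT_MAC = b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\xaa", b"\x02\0\0\0\0\xfc"
ROUTER_IP, PC_IP, SILENT_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 10]), bytes([192, 168, 1, 252])
SAMPLE = [
    build_arp(BROADCAST, ROUTER_MAC, 1, ROUTER_IP, bytes(6), PC_IP),         # initial broadcast
    build_arp(ROUTER_MAC, PC_MAC, 2, PC_IP, ROUTER_MAC, ROUTER_IP),          # PC replies
    build_arp(PC_MAC, ROUTER_MAC, 1, ROUTER_IP, PC_MAC, PC_IP),              # unicast poll
    build_arp(ROUTER_MAC, PC_MAC, 2, PC_IP, ROUTER_MAC, ROUTER_IP),          # poll answered
    build_arp(SILENT_MAC, ROUTER_MAC, 1, ROUTER_IP, SILENT_MAC, SILENT_IP),  # poll 1, no reply
    build_arp(SILENT_MAC, ROUTER_MAC, 1, ROUTER_IP, SILENT_MAC, SILENT_IP),  # poll 2, no reply
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```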
You guys are way over my head in networking, but I truly enjoyed your “chatter” and learned a lot about the nuances of networking. THANK YOU!
u/browsing_soup, as discussed earlier on your 2-router setup, this is how one part of the problem (ARP … other is IP) starts to arise.