Dynamic ARP Entries turning into Static ARP entries
I recently acquired a client that has a strange ARP caching issue on one of their servers.
I have a server that will eventually start turning its dynamic ARP entries into static ARP entries. This causes problems because when the machine that has a static ARP entry on this server receives a new IP via DHCP, then the server is not able to communicate with the clients. Clearing the ARP cache resolves the issue and the server is fine for about a week and then it starts slowly turning ARP entries into static ARP entries. I haven't narrowed it down to when or how many it starts to do, but slowly you start seeing 1 static ARP and then 5 and then 10.
The server in question is a Windows Server 2003 SP2. It is a DC, DHCP, and DNS server. I've checked the DHCP scope options and there's nothing in there that would indicate anything to do with static ARP entries. The only thing different between this DNS server and our other DNS server is that the 'Dynamically Update DNS A and PTR records for DHCP clients that do not request updates' is checked on the problematic server.
I've done a bit of research about this and it seems that this may happen if any PXE type services are running; from what I can tell, there is nothing running a PXE server.
I'm a bit lost as I have never seen dynamic ARP entries start to turn into static ARP entries. Right now my solution is a scheduled task that runs every 24 hours to clear the ARP cache (arp -d *). I would like to not rely on this scheduled task.
Has anybody seen this before or have any suggestions on how to troubleshoot this?
windows-server-2003 arp
asked Dec 18 '12 at 21:29
Zach
How are you determining that these ARP entries are static? Also, DC, DHCP and DNS services don't directly have anything to do with the functions of ARP or the ARP table.
– joeqwerty
Dec 18 '12 at 22:09
Don't ARP entries persist only for a limited amount of time before being either timed out (20 minutes?) or replaced when a transaction for the same IP is discovered.
– mdpc
Dec 18 '12 at 22:18
@mdpc Yes, unless they are static, which is what the OP is having problems with.
– fukawi2
Dec 18 '12 at 22:38
@joeqwerty - Using arp -a in Windows will detail the type of entry in the ARP table. The dynamic entries will eventually turn into static entries, there is no discernible pattern to it. The only mechanism I know on how to create a static ARP entry is to use the arp -s ip_addr eth_addr
– Zach
Dec 19 '12 at 2:17
@Zach - Gotcha. I wanted to make sure that was where you were seeing them. That said, I've never seen those symptoms before. These are static entries for RFC 1918 addresses (classes A, B and C) and not multicast addresses (class D) right?
– joeqwerty
Dec 19 '12 at 2:32
2 Answers
This could be benign, or malign. Let's hope for benign: there is something running on your machine that thinks it knows better than ARP and is updating the ARP table "by hand". I suspect something like a firewall or other endpoint protection type of program, but if you really can't track it down by reviewing what's installed then your only recourse is to break out heavy-duty audit tools like WPR/WPA or ProcessInternals, let them do their thing, and then tie the events back.
It could be malign: a classic man-in-the-middle attack is to send out an ARP claiming to be Alice when you are really Bob: everyone updates their cache and from then on everyone who sends to Alice thinks they are talking to her when in fact their traffic is going to Bob. Or (another way around) someone breaks into your machine and sets up static ARPs to the "wrong" targets.
An old strategy for defeating the first, btw, is to set up static ARP entries for all the local targets you want to talk to. For the second, well, if the attacker is on your machine, it's too late.
answered Dec 23 '15 at 4:26
AlwaysLearning
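One way to narrow down when entries change type, which the question says is still unknown and the answer above suggests tying back to events: compare saved arp -a snapshots and report dynamic-to-static flips, static entries that appear from nowhere, and IP-to-MAC changes. This is an added example, not part of either answer; it assumes Windows arp -a output saved to text (for instance by the scheduled task just before it clears the cache), and the snapshot contents, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# A data row of Windows `arp -a` output: IPv4 address, dash-separated MAC, type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$")
IFACE = re.compile(r"^Interface:\s+(\S+)")

# Constructed sample snapshots (addresses and MACs are made up).
SNAP_BEFORE = """\
Interface: 192.168.10.5 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.10.1          02-00-00-00-00-01     dynamic
  192.168.10.21         02-00-00-00-00-21     dynamic
  192.168.10.22         02-00-00-00-00-22     dynamic
"""
SNAP_AFTER = """\
Interface: 192.168.10.5 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.10.1          02-00-00-00-00-99     dynamic
  192.168.10.21         02-00-00-00-00-21     static
  192.168.10.22         02-00-00-00-00-22     dynamic
  192.168.10.23         02-00-00-00-00-23     static
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_a(text):
    """Return {(interface_ip, ip): (mac, entry_type)} for unicast entries."""
    table, iface = {}, ""
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ROW.match(line)
        if not m:
            continue  # column header, blank line, or unrecognised text
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # looked like an address but is not a valid one
        if addr.is_multicast or mac == "ff-ff-ff-ff-ff-ff":
            continue  # multicast/broadcast mappings are legitimately static
        table[(iface, ip)] = (mac, kind)
    return table


def diff_snapshots(prev, curr):
    """List (finding, ip, old_mac, new_mac) tuples between two parsed tables."""
    findings = []
    for key, (mac, kind) in sorted(curr.items()):
        old = prev.get(key)
        if old is None:
            if kind == "static":
                findings.append(("new_static", key[1], None, mac))
            continue
        old_mac, old_kind = old
        if old_kind == "dynamic" and kind == "static":
            findings.append(("became_static", key[1], old_mac, mac))
        if old_mac != mac:
            findings.append(("mac_changed", key[1], old_mac, mac))
    return findings


if __name__ == "__main__":
    for finding in diff_snapshots(parse_arp_a(SNAP_BEFORE),
                                  parse_arp_a(SNAP_AFTER)):
        print(finding)
```

Timestamping each snapshot gives the window in which an entry flipped, which can then be matched against process or service activity on the server.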
I ran into this a couple years ago when I installed redundant firewalls for a client. Their 2003 server was slotted to be retired once the new DC was installed, so I put in a temporary fix to dump the arp cache every 2 minutes. I just used the task scheduler to run "arp -d" every couple minutes so if the firewalls switched responsibilities the DC would still have Internet access for dns services.
answered Sep 29 '16 at 1:38
milkman