I used tcpdump to capture a minute of ARP traffic on my Distributel/Rogers
cable modem interface:

    # tcpdump -nelvvs9999 -i eth2 arp >distributel_arp.txt
    # wc distributel_arp.txt
    8511 187220 1538942 distributel_arp.txt

It recorded 8,511 packets - 141 ARP packets per second!

Sample:

    14:13:00.519062 00:17:10:93:5d:91 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 174.116.5.41 tell 174.116.4.1, length 46

Some statistics on that one minute:

    $ grep -P -o 'tell \K[^ ,]*' distributel_arp.txt | sort | uniq -c | sort -n | nl | tail
     98  276 45.2.46.129
     99  295 104.234.93.1
    100  304 97.108.196.1
    101  354 174.116.20.1
    102  648 174.116.24.1
    103  691 174.116.22.1
    104  768 174.116.4.1
    105  798 174.116.26.1
    106  961 174.116.6.1
    107 1024 174.116.8.1

    $ grep -P -o 'who-has \K[^ ]*' distributel_arp.txt | sort | uniq -c | sort -n | nl | tail
    2903    9 174.116.5.50
    2904    9 174.116.6.22
    2905    9 174.116.7.21
    2906    9 174.116.8.204
    2907   10 72.141.52.157
    2908   11 174.116.8.165
    2909   11 174.116.8.234
    2910   13 174.116.6.218
    2911   16 174.116.22.127
    2912   16 24.52.219.121

I presume anyone else with a cable modem sees the same thing?
--
| Ian! D. Allen, BA, MMath - idallen [ at ] idallen [ dot ] ca - Ottawa, Ontario, Canada
| Home: www.idallen.com Contact Improvisation Dance: www.contactimprov.ca
| Former college professor (Free/Libre GNU+Linux) at: teaching.idallen.com
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/
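
Added example, not part of the original post: the two grep pipelines above count "tell" and "who-has" addresses separately; this sketch joins them, reporting for each "tell" address how many requests it sent and how many distinct addresses it asked for, plus the overall request rate from the timestamps. The function names and the sample lines (documentation addresses) are constructed for illustration.

```shell
# Constructed sample in the line format shown in the post.
arp_sample() {
    e='ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request'
    m='02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff,'
    printf '%s\n' \
        "10:00:00.000000 $m $e who-has 192.0.2.10 tell 192.0.2.1, length 46" \
        "10:00:00.500000 $m $e who-has 192.0.2.11 tell 192.0.2.1, length 46" \
        "10:00:01.000000 $m $e who-has 192.0.2.10 tell 192.0.2.1, length 46" \
        "10:00:02.000000 $m $e who-has 198.51.100.7 tell 198.51.100.1, length 46"
}

# arp_senders FILE: one line per "tell" address, busiest first:
#   <requests> <distinct who-has targets> <sender>
arp_senders() {
    awk '
    / Request who-has / {
        target = ""; sender = ""
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    sender = $(i + 1)
        }
        sub(/,$/, "", sender)            # "tell 174.116.4.1," -> drop the comma
        if (sender == "" || target == "") next
        reqs[sender]++
        if (!((sender, target) in seen)) { seen[sender, target] = 1; distinct[sender]++ }
    }
    END { for (s in reqs) print reqs[s], distinct[s], s }
    ' "$1" | sort -k1,1nr -k3,3
}

# arp_rate FILE: ARP requests per second between first and last timestamp.
arp_rate() {
    awk '
    / Request who-has / {
        split($1, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        if (n == 0) first = now
        last = now; n++
    }
    END {
        span = last - first
        if (span < 0) span += 86400      # capture crossed midnight
        if (span == 0) span = 1          # all packets share one timestamp
        printf "%.1f\n", n / span
    }
    ' "$1"
}
```

A sender whose distinct-target count is close to its request count is asking for a different address nearly every time; one with many repeats is retrying the same few addresses.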