ARP incomplete on the router connected to the gateway












0















Here in my office we have a network consisting of the gateway (router) from the ISP, and less than 15 clients (computers). I noticed the network slowed down a lot,
even when there was only 1 client connected, then I found out that the ARP table is filled with incomplete requests. All the incomplete requests are IP addresses which do not exist in the internal LAN. Because of this even pings from a computer (internal) to an outside network will start dropping. Can anyone help me understand what might be the issue? Exclude the case of loop because I tried to use it with one PC also.






networking arp







share|improve this question

























  • You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

    – djsmiley2k
    Dec 17 '18 at 16:37











  • Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

    – harrymc
    Dec 17 '18 at 17:09













  • The ip address are address which are on the same subnet but not occupied by the computers

    – Biruk
    Dec 17 '18 at 17:30











  • Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

    – harrymc
    Dec 17 '18 at 17:42











  • It sounds like something is scanning your network. It could be a user or malware.

    – Ron Maupin
    Dec 17 '18 at 19:02
















0















Here in my office we have a network consisting of the gateway (router) from the ISP, and less than 15 clients (computers). I noticed the network slowed down a lot,
even when there was only 1 client connected, then I found out that the ARP table is filled with incomplete requests. All the incomplete requests are IP addresses which do not exist in the internal LAN. Because of this even pings from a computer (internal) to an outside network will start dropping. Can anyone help me understand what might be the issue? Exclude the case of loop because I tried to use it with one PC also.






networking arp







share|improve this question

























  • You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

    – djsmiley2k
    Dec 17 '18 at 16:37











  • Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

    – harrymc
    Dec 17 '18 at 17:09













  • The ip address are address which are on the same subnet but not occupied by the computers

    – Biruk
    Dec 17 '18 at 17:30











  • Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

    – harrymc
    Dec 17 '18 at 17:42











  • It sounds like something is scanning your network. It could be a user or malware.

    – Ron Maupin
    Dec 17 '18 at 19:02














0












0








0


1






Here in my office we have a network consisting of the gateway (router) from the ISP, and less than 15 clients (computers). I noticed the network slowed down a lot,
even when there was only 1 client connected, then I found out that the ARP table is filled with incomplete requests. All the incomplete requests are IP addresses which do not exist in the internal LAN. Because of this even pings from a computer (internal) to an outside network will start dropping. Can anyone help me understand what might be the issue? Exclude the case of loop because I tried to use it with one PC also.






networking arp







share|improve this question
















Here in my office we have a network consisting of the gateway (router) from the ISP, and less than 15 clients (computers). I noticed the network slowed down a lot,
even when there was only 1 client connected, then I found out that the ARP table is filled with incomplete requests. All the incomplete requests are IP addresses which do not exist in the internal LAN. Because of this even pings from a computer (internal) to an outside network will start dropping. Can anyone help me understand what might be the issue? Exclude the case of loop because I tried to use it with one PC also.






networking arp




networking arp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 17 '18 at 16:44









Spiff

76.8k10117163




76.8k10117163










asked Dec 17 '18 at 16:31









BirukBiruk

11




11













  • You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

    – djsmiley2k
    Dec 17 '18 at 16:37











  • Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

    – harrymc
    Dec 17 '18 at 17:09













  • The ip address are address which are on the same subnet but not occupied by the computers

    – Biruk
    Dec 17 '18 at 17:30











  • Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

    – harrymc
    Dec 17 '18 at 17:42











  • It sounds like something is scanning your network. It could be a user or malware.

    – Ron Maupin
    Dec 17 '18 at 19:02



















  • You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

    – djsmiley2k
    Dec 17 '18 at 16:37











  • Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

    – harrymc
    Dec 17 '18 at 17:09













  • The ip address are address which are on the same subnet but not occupied by the computers

    – Biruk
    Dec 17 '18 at 17:30











  • Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

    – harrymc
    Dec 17 '18 at 17:42











  • It sounds like something is scanning your network. It could be a user or malware.

    – Ron Maupin
    Dec 17 '18 at 19:02

















You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

– djsmiley2k
Dec 17 '18 at 16:37





You sure there's only one device? It sounds like something is spamming the network with bad requests for an IP maybe...

– djsmiley2k
Dec 17 '18 at 16:37













Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

– harrymc
Dec 17 '18 at 17:09







Incomplete ARP entries will have the IP address but missing the MAC address. Which IP addresses do you see on these entries and how do they relate to the network?

– harrymc
Dec 17 '18 at 17:09















The ip address are address which are on the same subnet but not occupied by the computers

– Biruk
Dec 17 '18 at 17:30





The ip address are address which are on the same subnet but not occupied by the computers

– Biruk
Dec 17 '18 at 17:30













Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

– harrymc
Dec 17 '18 at 17:42





Do you have any switches on the network? (Please add in comments the name of the person addressed, like @harrymc:)

– harrymc
Dec 17 '18 at 17:42













It sounds like something is scanning your network. It could be a user or malware.

– Ron Maupin
Dec 17 '18 at 19:02





It sounds like something is scanning your network. It could be a user or malware.

– Ron Maupin
Dec 17 '18 at 19:02










1 Answer
1






active

oldest

votes


















0














After inspecting the incoming traffic using Wireshark, we found that there was TCP syn packet coming from many user computers towards the gateway router using port 445, unfortunately we were using ADSL as a gateway and the ADSL couldn't stand all the load and it will start dropping packet. As a temporary solution we block the port 445 and the traffic seems fine.






share|improve this answer
























  • Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

    – grawity
    Dec 26 '18 at 12:04











  • Its the second case and Yes, the whole LAN is infected with malware.

    – Biruk
    Dec 27 '18 at 12:14











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385300%2farp-incomplete-on-the-router-connected-to-the-gateway%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














After inspecting the incoming traffic using Wireshark, we found that there was TCP syn packet coming from many user computers towards the gateway router using port 445, unfortunately we were using ADSL as a gateway and the ADSL couldn't stand all the load and it will start dropping packet. As a temporary solution we block the port 445 and the traffic seems fine.






share|improve this answer
























  • Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

    – grawity
    Dec 26 '18 at 12:04











  • Its the second case and Yes, the whole LAN is infected with malware.

    – Biruk
    Dec 27 '18 at 12:14
















0














After inspecting the incoming traffic using Wireshark, we found that there was TCP syn packet coming from many user computers towards the gateway router using port 445, unfortunately we were using ADSL as a gateway and the ADSL couldn't stand all the load and it will start dropping packet. As a temporary solution we block the port 445 and the traffic seems fine.






share|improve this answer
























  • Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

    – grawity
    Dec 26 '18 at 12:04











  • Its the second case and Yes, the whole LAN is infected with malware.

    – Biruk
    Dec 27 '18 at 12:14














0












0








0







After inspecting the incoming traffic using Wireshark, we found that there was TCP syn packet coming from many user computers towards the gateway router using port 445, unfortunately we were using ADSL as a gateway and the ADSL couldn't stand all the load and it will start dropping packet. As a temporary solution we block the port 445 and the traffic seems fine.






share|improve this answer













After inspecting the incoming traffic using Wireshark, we found that there was TCP syn packet coming from many user computers towards the gateway router using port 445, unfortunately we were using ADSL as a gateway and the ADSL couldn't stand all the load and it will start dropping packet. As a temporary solution we block the port 445 and the traffic seems fine.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 26 '18 at 11:01









BirukBiruk

11




11













  • Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

    – grawity
    Dec 26 '18 at 12:04











  • Its the second case and Yes, the whole LAN is infected with malware.

    – Biruk
    Dec 27 '18 at 12:14



















  • Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

    – grawity
    Dec 26 '18 at 12:04











  • Its the second case and Yes, the whole LAN is infected with malware.

    – Biruk
    Dec 27 '18 at 12:14

















Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

– grawity
Dec 26 '18 at 12:04





Towards the router itself, or through the router towards Internet hosts? The former probably means the router has "SMB file sharing" running; the latter usually means malware infection across the whole LAN.

– grawity
Dec 26 '18 at 12:04













Its the second case and Yes, the whole LAN is infected with malware.

– Biruk
Dec 27 '18 at 12:14





Its the second case and Yes, the whole LAN is infected with malware.

– Biruk
Dec 27 '18 at 12:14


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385300%2farp-incomplete-on-the-router-connected-to-the-gateway%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Terni

Image
Questa voce o sezione sull'argomento Umbria non è ancora formattata secondo gli standard . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Segui i suggerimenti del progetto di riferimento. Terni comune Localizzazione Stato   Italia Regione Umbria Provincia Terni Amministrazione Sindaco Leonardo Latini (Lega Nord) dal 25-06-2018 Territorio Coordinate 42°34′N 12°39′E  /  42.566667°N 12.65°E 42.566667; 12.65  ( Terni ) Coordinate: 42°34′N 12°39′E  /  42.566667°N 12.65°E 42.566667; 12.65  ( Terni ) Altitudine 130 m s.l.m. Superficie 211,90 km² Abitanti 111 189 [1] (31-12-2017) Densità 524,72 ab./km² Frazioni Vedi elenco Comuni confinanti Acquasparta, Arrone, Colli sul Velino (RI), Labro (RI), Montecastrilli, Montefranco, Narni, Rieti (RI), San Gemini, Spoleto (PG), Stroncone Altre informazioni Cod. postale 05100 Prefisso 0744 Fuso orario UTC+1 Codice ISTAT...
Read more

A new problem with tex4ht and tikz

Image
3 When run through pdflatex the code snippet below produces: but when I run it through make4ht the following web page, without the numbers, is generated: (The difference in scale is an artifact of my skills in taking screenshots.) Here is the code: documentclass{article} usepackage{tikz} begin{document} begin{tikzpicture} foreach x in {-3,...,3} { draw(x,0.25) --(x,0)node[below]{x}; } foreach x in {-2.5,...,2.5} { draw(x,0.18) --(x,0); } draw[thick,<->](-3.5,0)--(3.5,0); filldraw[blue!50!white](1.5,0) circle (1mm); draw[red] (-3.5,-1) rectangle (3.5,1); % make bounding box higher end{tikzpicture} end{document} Only the first line of the tikzpicture environment is necessary. The rest is just to show that everything else is OK. I am...
Read more

Sun Ra

Image
.mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento compositori statunitensi non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Sun Ra Sun Ra nel 1992 al conservatorio del New England Nazionalità   Stati Uniti Genere Fusion Free jazz Hard bop Space music Jazz d'avanguardia Musica sperimentale Big band Periodo di attività musicale 1934 – 1993 Strumento pianoforte, sintetizzatore Modifica dati su Wikidata  · Manuale .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output...
Read more