Hi,
I've installed the network map app by marketplace and after this i was getting several message by mail like this
But now i have uninstalled the app, i'm still getting these messages.
Where are those coming from and how can i stop this.
I've installed the network map app by marketplace and after this i was getting several message by mail like this
hostname: <unknown>
ip address: 192.168.1.232
ethernet address: 0:c:f6:72:a8:69
ethernet vendor: Sitecom Europe BV
old ethernet address: 20:78:f0:cd:76:cc
old ethernet vendor: <unknown>
timestamp: Thursday, March 16, 2017 15:25:07 +0100
previous timestamp: Thursday, March 16, 2017 14:11:52 +0100
delta: 1 hour
But now i have uninstalled the app, i'm still getting these messages.
Where are those coming from and how can i stop this.
In Network Map
Share this post:
Responses (3)
-
Accepted Answer
Hmm... left it running here as it's useful. The message posted re. "flip-flop" actually pointed out a real problem. Tracked it down to a newly purchased adsl modem. Use the modem's vlan capability here on some interfaces. In this case, even though the modem dhcp server had been turned off according to it's web configuration page, it remained active on just the modem vlan interface. So the flip-flop was a device alternatively getting an address from one dhcp server - then another. That modem went back to the store in a hurry. A different modem fixed that problem. Not the easiest of problems to solve - but arpwatch was the trigger to alerting me to the modem's firmware issues... did try flashing the latest version available first - manufacturer's support solution in China? return modem to the store and get my money back! not going to fix the firmware :-(
From: Arpwatch root@sraellis.com
Subject: new station (carolyn-1.sraellis.com)
To: root@sraellis.com
hostname: carolyn-1.sraellis.com
ip address: 192.168.1.97
ethernet address: 0:25:86:e0:2c:cb
ethernet vendor: TP-LINK Technologies Co., Ltd.
timestamp: Friday, March 10, 2017 18:40:20 +1100
I also get messages like the above when a new system connects - useful. Do not get a continuous stream of messages with normal operation of my systems so leave arpwatch running to do its job... Maybe you should analyse why you are getting your messages - it could point to a problem. Maybe you have and are satisfied there is nothing wrong - obviously your call... -
Accepted Answer
-
Accepted Answer
Here's a similar example from my system...
From: Arpwatch root@sraellis.com
Subject: flip flop (wrt54g-2.sraellis.com)
To: root@sraellis.com
hostname: wrt54g-2.sraellis.com
ip address: 192.168.2.1
ethernet address: 18:a6:f7:57:2:c0
ethernet vendor: <unknown>
old ethernet address: 0:12:17:2f:49:2
old ethernet vendor: Cisco-Linksys, LLC
timestamp: Thursday, December 8, 2016 8:04:32 +1100
previous timestamp: Thursday, December 8, 2016 8:04:28 +1100
delta: 4 seconds
The "From:* gives the game away - arpwatch
[root@alex bin]# top -b -n 1 | egrep 'PID|arp'
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2851 arpwatch 20 0 11824 3008 2556 S 0.0 0.1 2:04.50 arpwatch
2857 arpwatch 20 0 11820 2960 2556 S 0.0 0.1 2:35.86 arpwatch
2862 arpwatch 20 0 11820 2972 2552 S 0.0 0.1 0:26.33 arpwatch
2868 arpwatch 20 0 11820 2964 2556 S 0.0 0.1 0:31.09 arpwatch
2883 arpwatch 20 0 11608 3012 2540 S 0.0 0.1 0:54.44 arpwatch
Edit: The cut and paste dropped the most important word - typo fixed
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »