3

I am trying to use Wireshark to find the root cause of a particularly slow network, and started by examining Broadcast traffic.

Not only does Broadcast traffic represent over 25% of total traffic (at around 66 packets per second), but also some servers repeatedly query the same host.

The diagram below shows one host repeatedly sending broadcast traffic to query one host.

wireshark capture

Any idea what might cause this?

2
  • We can clearly see both the hosts are on different networks; your troubleshooting should start from there. You should tell us more details about the network: the subnet masks? VLANs? How's the routing done? Commented Nov 2, 2015 at 9:43
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer. Commented Aug 9, 2017 at 15:25

1 Answer

3

It seems the destination IP address (172.20.13.122) is not answering the ARP requests. The source IP (172.20.0.31) is trying to reach that address for some reason and thus continues sending ARP requests until it gets an answer or gives up on reaching the host.

The reason could be that the destination host is offline or unreachable, or that the source host has a wrong subnet mask so that it is sending ARP requests instead of sending the packets to the gateway.

2
  • The destination IP address might be in a different VLAN, which is very common. Commented Apr 28, 2014 at 7:22
  • 1
    Are you seeing the ARP replies for this particular request? If not, there is a connectivity issue somewhere along the link. Commented Apr 28, 2014 at 8:41
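
The two causes named in the answer can be separated from the capture itself. The following is an added example, not part of the original answer: it finds ARP requests that repeat without a reply and checks, for several candidate subnet masks, whether the requester would treat the target as on-link. The record format, the sample records and the candidate prefix lengths are assumptions; the page does not state the real masks.

```python
import ipaddress
from collections import Counter

# Constructed sample: (opcode, sender_ip, target_ip) as exported from a capture.
# Opcode 1 = ARP request, 2 = ARP reply.
SAMPLE_ARP = [
    (1, "172.20.0.31", "172.20.13.122"),
    (1, "172.20.0.31", "172.20.13.122"),
    (1, "172.20.0.31", "172.20.13.122"),
    (1, "172.20.0.31", "172.20.0.1"),
    (2, "172.20.0.1", "172.20.0.31"),
]

def unanswered_requests(records, min_repeats=3):
    """Return {(requester, target): count} for repeated requests with no reply."""
    requests = Counter()
    answered = set()
    for opcode, sender, target in records:
        if opcode == 1:
            requests[(sender, target)] += 1
        elif opcode == 2:
            # A reply sent by `sender` to `target` answers target's query for sender.
            answered.add((target, sender))
    return {pair: n for pair, n in requests.items()
            if n >= min_repeats and pair not in answered}

def arps_directly(source_ip, target_ip, prefix_len):
    """True if the source, configured with this prefix, sees the target as on-link
    and therefore ARPs for it instead of forwarding to its gateway."""
    network = ipaddress.ip_interface(f"{source_ip}/{prefix_len}").network
    return ipaddress.ip_address(target_ip) in network

def diagnose(records, candidate_prefixes=(16, 20, 24)):
    """For each unanswered pair, show which candidate masks explain the ARP."""
    report = {}
    for (src, dst), count in unanswered_requests(records).items():
        report[(src, dst)] = {
            "count": count,
            "on_link": {p: arps_directly(src, dst, p) for p in candidate_prefixes},
        }
    return report

if __name__ == "__main__":
    for pair, info in diagnose(SAMPLE_ARP).items():
        print(pair, info)
```

If the mask actually configured on the requester is one for which `on_link` is false, the host should not be ARPing for that address at all, which points at the requester's configuration rather than at the silent target.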
