接入交换机频繁向同网段其他IP发起ARP请求
- 0关注
- 0收藏,386浏览
问题描述:
S1850
version 5.20.99, Release 1101
H3C作为接入交换机,在网络中镜像抓包发现会向其他同网段IP发起ARP请求,感觉像是在扫描。
原理来说是有通信才需要ARP请求,接入与接入之间又不需要通信,正常来说是不需要发ARP请求的。
抓包只有arp报文,占整个抓包文件比例:2.6%
附上交换机配置:
<1.1.1.70>disp current-configuration
#
version 5.20.99, Release 1101
#
sysname 1.1.1.70
#
domain default enable system
#
ipv6
#
telnet server enable
#
port-group-vlan 1
#
password-recovery enable
#
acl number 2000
rule 0 permit source 192.168.11.85 0
rule 2 permit source 1.1.1.72 0
rule 10 deny
#
vlan 1
#
vlan 2 to 210
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$h7hl6qtEy/3OvEhdvSBNZXnRbzweQ0weU4o=
authorization-attribute level 3
service-type telnet
service-type web
#
stp enable
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface10
ip address 1.1.1.70 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 4
#
interface GigabitEthernet1/0/2
port access vlan 4
#
interface GigabitEthernet1/0/3
port access vlan 4
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 19
#
interface GigabitEthernet1/0/5
port access vlan 4
#
interface GigabitEthernet1/0/6
port access vlan 4
#
interface GigabitEthernet1/0/7
port access vlan 18
#
interface GigabitEthernet1/0/8
port access vlan 4
#
interface GigabitEthernet1/0/9
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 19
#
interface GigabitEthernet1/0/10
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 19
#
interface GigabitEthernet1/0/11
port access vlan 4
#
interface GigabitEthernet1/0/12
port access vlan 4
#
interface GigabitEthernet1/0/13
port access vlan 4
#
interface GigabitEthernet1/0/14
port access vlan 4
#
interface GigabitEthernet1/0/15
port access vlan 4
#
interface GigabitEthernet1/0/16
port access vlan 4
#
interface GigabitEthernet1/0/17
port access vlan 4
#
interface GigabitEthernet1/0/18
port access vlan 4
#
interface GigabitEthernet1/0/19
port access vlan 4
#
interface GigabitEthernet1/0/20
port access vlan 4
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
port access vlan 4
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/24
port access vlan 4
#
interface GigabitEthernet1/0/25
#
interface GigabitEthernet1/0/26
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
#
snmp-agent
snmp-agent local-engineid 383030303633413236353133414337343039414336453430
snmp-agent community read read
snmp-agent community write write
snmp-agent sys-info version all
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 4
acl 2000 inbound
user privilege level 3
set authentication password cipher $c$3$BWdkvA3fiCLNDxug+yXRszBlnU1zYCCZgLo=
protocol inbound telnet
user-interface vty 5 15
#
return
<1.1.1.70>
CPU进程
<1.1.1.72>disp process
JID PID %CPU %MEM STAT PRI THIRD TTY HH:MM:SS COMMAND
1 1 0.0 0.0 S 120 N - 00:04:17 scmd
2 2 0.0 0.0 S 115 N - 00:00:00 [kthreadd]
3 3 0.0 0.0 S 99 N - 00:00:00 [migration/0]
4 4 0.0 0.0 S 115 N - 00:00:00 [ksoftirqd/0]
5 5 0.0 0.0 S 99 N - 00:00:00 [watchdog/0]
6 6 0.0 0.0 S 115 N - 00:00:01 [events/0]
7 7 0.0 0.0 S 115 N - 00:00:00 [khelper]
9 9 0.0 0.0 S 115 N - 00:00:00 [kblockd/0]
10 10 0.0 0.0 S 115 N - 00:00:00 [khubd]
11 11 0.0 0.0 S 115 N - 00:00:00 [kseriod]
12 12 0.0 0.0 S 120 N - 00:00:00 [vzmond]
13 13 0.0 0.0 S 120 N - 00:00:00 [pdflush]
14 14 0.0 0.0 S 120 N - 00:00:01 [pdflush]
15 15 0.0 0.0 S 115 N - 00:00:00 [kswapd0]
16 16 0.0 0.0 S 115 N - 00:00:00 [aio/0]
17 17 0.0 0.0 S 115 N - 00:00:00 [mtdblockd]
36 36 0.1 0.0 D 120 N - 00:02:58 [TMTH]
37 37 0.0 0.0 S 105 N - 00:00:00 [dGDB]
38 38 0.0 0.0 D 115 N - 00:00:04 [DSTK]
39 39 0.0 0.0 S 105 N - 00:00:00 [DST2]
40 40 0.0 0.0 D 115 N - 00:00:08 [DST3]
41 41 0.0 0.0 D 115 N - 00:00:00 [TSTK]
42 42 0.0 0.0 S 115 N - 00:00:00 [DrvD]
43 43 0.0 0.0 S 115 N - 00:00:00 [DSYN]
44 44 0.0 0.0 S 115 N - 00:00:00 [DIPC]
45 45 0.0 0.0 S 115 N - 00:00:00 [TXAT]
46 46 0.0 0.0 S 115 N - 00:00:00 [DVP]
47 47 0.0 0.0 S 115 N - 00:00:00 [DDEV]
48 48 0.1 0.0 D 115 N - 00:29:49 [DTIM]
51 51 0.0 0.0 D 115 N - 00:00:00 [IntTask]
52 52 0.0 0.0 D 115 N - 00:00:00 [IntTask]
53 53 0.0 0.0 D 115 N - 00:00:00 [evHndl_0]
54 54 0.0 0.0 D 115 N - 00:00:00 [evHndl_1]
55 55 0.1 0.0 D 100 N - 02:21:27 [evHndl_2]
56 56 0.0 0.0 D 100 N - 00:00:16 [evHndl_3]
57 57 0.0 0.0 D 100 N - 00:05:17 [evHndl_4]
58 58 0.0 0.0 D 100 N - 00:00:00 [evHndl_5]
59 59 0.0 0.0 D 100 N - 00:00:00 [evHndl_6]
60 60 0.0 0.0 D 115 N - 00:00:36 [evHndl_9]
63 63 0.0 0.0 S 110 N - 00:00:01 [DQIT]
64 64 0.0 0.0 D 120 N - 00:00:12 [TRUN]
65 65 0.3 0.0 S 120 N - 01:57:29 [STAT]
66 66 0.0 0.0 D 120 N - 00:07:33 [D_MI]
67 67 0.0 0.0 S 120 N - 00:28:15 [FMCK]
68 68 0.0 0.0 S 120 N - 00:14:32 [T_DM]
69 69 0.0 0.0 S 125 N - 00:01:19 [mIPC]
70 70 0.0 0.0 D 115 N - 00:00:00 [TMCS]
71 71 0.0 0.0 D 115 N - 01:07:40 [NAEvHndl]
72 72 0.0 0.0 D 115 N - 00:00:01 [TMCC]
73 73 0.0 0.0 S 125 N - 00:00:01 [DARP]
74 74 0.0 0.0 S 125 N - 00:00:00 [T_ST]
75 75 0.0 0.0 D 115 N - 00:00:00 [TMCN]
76 76 0.1 0.0 S 125 N - 02:27:59 [T_SI]
77 77 0.0 0.0 S 115 N - 00:00:00 [TL3P]
78 78 0.0 0.0 D 115 N - 00:00:00 [MRFS]
79 79 0.0 0.0 S 115 N - 00:00:00 [IPMC]
80 80 0.1 0.0 D 120 N - 00:24:40 [SCAR]
81 81 0.0 0.0 D 115 N - 00:00:02 [D_UN]
82 82 0.0 0.0 D 115 N - 00:00:00 [RSF0]
85 85 0.1 0.0 D 105 N - 00:53:23 [PMOT]
88 88 0.0 0.0 D 100 N - 00:00:00 [lipc_topology]
90 90 0.0 0.0 S 120 N - 00:00:00 [LOAD]
91 91 0.0 0.0 S 120 N - 00:00:00 [LOADProc]
92 92 0.0 0.0 S 115 N - 00:00:00 [kdlipc]
93 93 0.0 0.0 S 115 N - 00:00:00 [krpc_event]
94 94 0.0 0.0 S 115 N - 00:00:00 [krpc_serv]
95 95 0.0 0.0 S 100 N - 00:00:00 [STM_Main]
96 96 0.0 0.0 D 105 N - 00:00:03 [hellopkt]
97 97 0.0 0.0 S 120 N - 00:00:00 [timesyncs]
98 98 0.0 0.0 S 115 N - 00:00:00 [lipc_portevt]
99 99 0.0 0.0 S 105 N - 00:00:02 [kevent]
100 100 0.0 0.0 S 125 N - 00:01:31 [kifupdown]
101 101 0.0 0.0 S 115 N - 00:00:38 [DRVR]
102 102 0.0 0.0 S 120 N - 00:00:00 [OPTK]
103 103 0.0 0.0 S 120 N - 00:04:13 [kmac/1]
104 104 0.0 0.0 S 120 N - 00:00:00 [kipfs/1]
105 105 0.0 0.0 S 120 N - 00:00:00 [kip6fs/1]
106 106 0.0 0.0 S 120 N - 00:00:00 [mbuf_main]
107 107 0.0 0.0 S 105 N - 00:00:17 [sock/1]
109 109 0.0 0.0 S 110 N - 00:00:00 cioctld
110 110 0.0 0.0 S 120 N - 00:00:00 fsd
113 113 0.0 0.3 S 100 N - 00:02:15 dbmd --mini
115 115 1.5 0.1 S 120 N - 06:07:41 diagd -dflash --
116 116 0.0 0.0 S 105 N - 00:00:00 had
117 117 0.0 0.1 S 120 N - 00:02:53 syslogd --logfil
118 118 0.1 0.0 S 120 N - 01:12:28 devd --TimeSourc
122 122 0.0 0.1 S 120 N - 00:06:31 ifmgr --pigroupn
123 123 0.0 0.0 S 120 N - 00:00:04 edev --Fiber --R
133 133 0.0 0.9 S 120 N - 00:00:11 comsh server
134 134 0.0 0.0 S 120 N - 00:15:24 sysmand
135 135 0.0 0.1 S 120 N - 00:00:02 lauthd --MaxMana
136 136 0.0 0.0 S 120 N - 00:00:00 ttymgrd --MaxAUX
137 137 0.0 0.1 S 120 N - 00:00:09 aaad
138 138 0.0 0.1 S 110 N - 00:00:06 laggd
139 139 0.0 0.0 S 120 N - 00:00:00 tranged
140 140 0.0 0.1 S 120 N - 00:00:05 vland --MaxSuper
141 141 0.0 0.1 S 120 N - 00:00:07 httpredrd
152 152 0.0 0.1 S 120 N - 00:00:03 aclmgrd
156 156 0.0 0.1 S 120 N - 00:00:01 qosd
163 163 0.0 0.0 S 120 N - 00:00:08 ethd
164 164 0.0 0.0 S 125 N - 00:00:00 coppd
171 171 0.0 0.0 S 130 N - 00:00:00 ftpd
172 172 0.0 0.1 S 125 N - 00:00:05 ipstackd --ARPMa
173 173 0.1 0.1 S 120 N - 01:58:36 lldpd
174 174 0.0 0.0 S 110 N - 00:00:01 lpdtd
175 175 0.0 0.1 S 120 N - 00:00:00 routed --ipv4
176 176 0.0 0.5 S 120 N - 01:34:27 snmpd
177 177 0.1 0.1 S 110 N - 00:53:14 stpd
178 178 0.0 0.0 S 119 N - 00:00:00 telnetd -6
179 179 0.0 0.0 S 119 N - 00:00:00 telnetd -I
186 186 0.0 0.1 S 120 N - 00:00:00 staticrtd --ipv4
188 188 0.0 0.0 S 115 N - 00:38:30 [karp/1]
189 189 0.0 0.0 S 115 N - 00:00:11 [kwadj/1]
191 191 0.0 0.0 S 115 N - 00:00:00 [kfib/1]
934012 934012 0.0 0.0 S 119 N - 00:00:01 telnetd -6
934013 934013 0.0 0.0 S 120 N - 00:00:00 login --ipv4 192
934014 934014 0.0 0.0 S 120 N - 00:00:00 comshc shell lev
934015 934015 0.0 0.6 S 120 N pts/0 00:00:01 comsh server
935029 935029 0.0 0.5 S 120 N pts/0 00:00:00 comsh server
935030 935030 0.0 0.4 S 120 N pts/0 00:00:00 comsh server
<1.1.1.72>
- 2024-05-23提问
- 举报
-
(0)
最佳答案
您好,这个服务器是不是没有响应arp,然后其他客户端又有向服务器通信的需要,才导致交换机一直请求呢?
- 2024-05-23回答
- 评论(2)
- 举报
-
(0)
另外接入交换机和其他接入交换机正常是不需要通信的,只需要跟网关通信。 那为啥这台交换机发起大量ARP请求。 感觉是在扫面这个网段。
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
另外接入交换机和其他接入交换机正常是不需要通信的,只需要跟网关通信。 那为啥这台交换机发起大量ARP请求。 感觉是在扫面这个网段。