- 论坛徽章:
- 0
|
本帖最后由 zhanglei95271 于 2010-09-09 10:16 编辑
我有一个linux服务器 只提供WEB服务和NDS服务。但是近期机发现服务器发送大量ARP包
命令:tcpdump -qne arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:08:18.279889 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.106 tell 192.168.1.118
09:08:18.655831 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.110 tell 192.168.1.118
09:08:18.658832 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.121 tell 192.168.1.118
09:08:18.727820 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.122 tell 192.168.1.118
...
...
...
09:08:51.483791 00:15:17:11:f7:f4 > 00:e0:0f:8b:d2:98, ARP, length 42: arp who-has 192.168.1.126 tell 192.168.1.118
09:08:51.485497 00:e0:0f:8b:d2:98 > 00:15:17:11:f7:f4, ARP, length 60: arp reply 192.168.1.126 is-at 00:e0:0f:8b:d2:98
09:08:51.488791 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.109 tell 192.168.1.118
09:08:51.542785 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.110 tell 192.168.1.118
09:08:51.588776 00:15:17:11:f7:f4 > Broadcast, ARP, length 42: arp who-has 192.168.1.99 tell 192.168.1.118
类似这样的还有N多。
说明:00:15:17:11:f7:f4 这个是我本机的MAC地址,192.168.1.118这个也是我本机的IP。
求助好心人啊。这是什么问题 怎么解决呢? |
|