Any way to block ARP broadcast forwarding on a specific hardware port?

VincentMcKenzie

I have a device on my network that stupidly sends out ARP broadcasts every second asking who has its own IP address (below is a record from a Wireshark capture):

32:bd:9f Broadcast ARP Who has 192.168.0.21? Tell 0.0.0.0

This is not related to DHCP (I have that off and the device has a static IP). Nor does any other device on the network have the same IP.

Why is this a problem? It is completely destroying the battery life of every mobile device connected to the WiFi network. Looking at my Android phone, 98% of the battery drain is attributed to WiFi RX Wakelocks and it has 0 seconds in "Deep Sleep". In other words, the phone cannot enter a low power state because it is having to stay awake to handle these ARP broadcasts. It runs out of battery from a full charge in about 2 to 3 hours. The same thing happens to the rest of the household's tablets and mobile phones.

To put this in perspective, if I disconnect this misbehaving device from the network, the battery life of my phone is still at 70%-80% after 16 hours and it reports that it has been in a deep sleep for about 15 hours of that time. Other devices have similar battery life improvements.

I've reported the bug to the vendor but I'm not holding out much hope.

I know that if I have a 2nd router, I can segment the network because routers don't normally forward broadcasts to other segments - but this requires me to buy an additional router.

I could also run the WiFi in "Isolation" mode so that all the WiFi devices can only access the internet and not the LAN (hence they don't get LAN broadcasts). Unfortunately I need to access my LAN from the WLAN (for printers and remote desktop etc).

So, I'm wondering if there's anything I can do from the RT-N66U side. The offending device is plugged directly into a specific port of the RT-N66U and I'm kinda wondering if anybody has any cool ideas how I can tell the RT-N66U not to forward ARP broadcasts received via that port.
 
Just curious, what device is the one sending out ARP broadcasts? You may be able to filter this out via a custom iptables rule; however, you would need Merlin's custom firmware to save the rule as a startup script, as in the stock firmware custom rules are lost after a reboot.
 
The device sending out the ARP broadcasts is the Arduino Ethernet (and also a DVR security system that has the same issue, it runs an embedded Linux).

iptables can't block ARPs, but of course arptables can...
 
You are correct, I misread your post. Based on the packets you described, it appears to be ARP probes. Are all your hosts set to DHCP, or are any of them statically set? I would check to see if there are any potential IP conflicts between any of your hosts. Also, if you are not using any UPnP services, you could unbridge a port and drop that annoying device to a different subnet with its own VLAN, like vlan3.
 
Everything is static and DHCP is off on my routers. It's not an IP conflict - even if I radically change the Arduino's IP (e.g. to 10.0.0.X) and unplug the rest of the network it still does it.
 
Address Conflict Detection

I have a device on my network that stupidly sends out ARP broadcasts every second asking who has its own IP address (below is a record from a Wireshark capture):

32:bd:9f Broadcast ARP Who has 192.168.0.21? Tell 0.0.0.0
Hi,

By searching for the message I found this:
This is standard behavior to prevent IP conflicts. It is discussed in RFC 5227 IPv4 Address Conflict Detection. It also allows routers and neighbors to update their ARP tables so they can communicate with your computer.

By asking who has an IP address it is possible to determine if the IP address is in use. This allows the computer to at least log the existence of a conflict if one exists.

It is this mechanism that allows a computer to use automatic IP address configuration to work using the given address block. Computers generate an address in this range, and then use ARP to see if it is available. If not they try other addresses until they find one available. As the networks are usually small and the address range covers over 65000 addresses, they can find an address quickly.

The arpwatch utility builds a database based on the ARP messages which can be used to notify administrators if addresses are in conflict, or are being moved to new hardware.

(Link to the original discussion thread)

To me this looks like a normal behaviour of your arpwatch enabled device...

What is the particular device all about?
Maybe then we can start finding a solution to disable this conflict search ON the device...

With kind regards
Joe
 
The arduino isn't an "arpwatch enabled device". Arpwatch is a network tool used to monitor ARP behaviour on the network. So, a network administrator might install arpwatch on their Linux box, but it certainly doesn't come as part of the Arduino Ethernet library.

It's standard behaviour to do this kind of ARP broadcast once for each IP address it uses or tries to access. But I disagree that it's standard behaviour to do this every time it tries to establish a connection. It should then store this information in its ARP table. If you reboot a PC it'll do this for every IP it uses, once, and then never does it again until you reboot it again.

To put this in perspective, I have over 60 devices on my home network - PCs, network cameras, printers, routers, phones, tablets, embedded systems, Arduinos, DVRs, media centres, etc. Only two of these devices have this issue (the Arduino and my DVR). The manufacturers of the DVR are even fixing this "bug" in their latest firmware.

I imagine storing this kind of data would use too much RAM on an Arduino, hence it doesn't do it.
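An added example, not part of any post in this thread: a small classifier that separates the RFC 5227 probe ("Who has X? Tell 0.0.0.0") from announcements and ordinary requests, and reports senders that exceed the three probes (PROBE_NUM) the RFC specifies for one probing round. It assumes the frames come from one short capture window; the MAC addresses and the 192.168.0.50 address are constructed sample values.

```python
import struct
from collections import Counter

PROBE_NUM = 3  # RFC 5227: probes sent before a host claims an address

def build_arp_request(src_mac, sender_ip, target_ip):
    """Build a constructed broadcast Ethernet/ARP request frame (sample input)."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, request
    return eth + arp + src_mac + bytes(sender_ip) + b"\x00" * 6 + bytes(target_ip)

def classify(frame):
    """Return (sender MAC, kind) for an IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    if oper == 1 and spa == b"\x00" * 4:
        kind = "probe"          # sender IP all zeros: "Tell 0.0.0.0"
    elif spa == tpa:
        kind = "announcement"   # sender claims the address it asks about
    else:
        kind = "request" if oper == 1 else "reply"
    return sha.hex(":"), kind

def excessive_probers(frames, limit=PROBE_NUM):
    """MACs that sent more probes than one RFC 5227 probing round allows."""
    probes = Counter()
    for frame in frames:
        result = classify(frame)
        if result and result[1] == "probe":
            probes[result[0]] += 1
    return {mac: n for mac, n in probes.items() if n > limit}

# Constructed sample capture: one host probing repeatedly, one well-behaved host.
NOISY = bytes.fromhex("020000000001")
QUIET = bytes.fromhex("020000000002")
SAMPLE = (
    [build_arp_request(NOISY, (0, 0, 0, 0), (192, 168, 0, 21))] * 10
    + [build_arp_request(QUIET, (0, 0, 0, 0), (192, 168, 0, 50))] * 3
    + [build_arp_request(QUIET, (192, 168, 0, 50), (192, 168, 0, 50))] * 2
)

if __name__ == "__main__":
    print(excessive_probers(SAMPLE))
```

A host that reboots or re-links during a long capture will legitimately probe again, so the count only means something over a short window.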
 
32:bd:9f Broadcast ARP Who has 192.168.0.21? Tell 0.0.0.0

Yes, it seems that you have a problem on your network. The device that generates this ARP request must not have an address of 0.0.0.0 (see the "Tell" info above). Make sure this device has a static IP address or is using the DHCP protocol (if there is a DHCP server on the network). For a test, you may just set it with a static IP address to see if your problem disappears...
 
Everything is static and DHCP is off on my routers. It's not an IP conflict - even if I radically change the Arduino's IP (e.g. to 10.0.0.X) and unplug the rest of the network it still does it.

See above.

The device that generates it is the Arduino. You can tell that because the source MAC address is that of the Arduino.

To be absolutely clear, even if the Arduino is plugged directly via a crossover lead into my laptop, and both have a static IP, it still does this.
 