On Tue, 2004-11-16 at 16:45, Eduardo Fernández wrote:
> Hi all,
>
> i know this is not strictly about netfilter, but here it goes:

it sure isn't.

> While I was deploying my firewall script, I noticed some weird traffic
> from mac ff:ff:ff:ff:ff:ff in my router's private interface.

it's more likely that ff:ff:ff:ff:ff:ff is the destination mac, not the
source...

> Later on I
> noticed the same traffic in other computers within the network. The
> traffic was arp who-has packets at a constant rate of about 35 kbytes/s.
> It's a /16 network in a switched environment.

arp "who-has" packets are vital to the proper functioning of a local
area network--it's how each host finds the MAC address associated with
each IP on the network. the volume of traffic you're seeing is a
symptom of the fact that you have a /16 configured as a flat, switched
network.

the guy that i learned TCP/IP networking from once told me a good
guideline is to never have more than 1024 hosts in a single layer-2
broadcast domain, as the broadcast traffic becomes unmanageable. he
knew a whole lot more than i ever will--so i try to stick to that when
i (re)design a network.

-j

--
"Silly customer, you cannot hurt a Twinkie!"
    --The Simpsons
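
Added example, not part of the original message: a small decoder for ARP who-has frames showing that ff:ff:ff:ff:ff:ff sits in the Ethernet destination field, with a per-sender tally and broadcast rate of the kind discussed above. The MACs, 10.1.0.0/16 addresses, timestamps and helper names are constructed for illustration, and untagged Ethernet II framing is assumed.

```python
import socket
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Decode an untagged Ethernet II frame carrying IPv4 ARP; None otherwise."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = frame[0:6], frame[6:12], frame[12:14]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != b"\x08\x06" or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "src": src, "op": op, "size": len(frame),
            "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_ip": socket.inet_ntoa(frame[38:42])}

def summarize(capture):
    """capture: list of (timestamp_seconds, frame_bytes) seen on one interface."""
    parsed = [(ts, parse_arp(f)) for ts, f in sorted(capture, key=lambda c: c[0])]
    reqs = [(ts, p) for ts, p in parsed if p and p["op"] == 1 and p["dst"] == BROADCAST]
    span = (reqs[-1][0] - reqs[0][0] if reqs else 0) or 1.0
    return {
        "requests": len(reqs),
        "bytes_per_sec": sum(p["size"] for _, p in reqs) / span,
        "per_sender": Counter(fmt_mac(p["src"]) for _, p in reqs),
        # A broadcast *source* MAC would be invalid; who-has uses it as destination.
        "broadcast_sources": sum(p["src"] == BROADCAST for _, p in reqs),
    }

def build_request(src, sender_ip, target_ip):
    """Build a constructed 60-byte who-has frame (minimum size without FCS)."""
    eth = BROADCAST + src + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src
           + socket.inet_aton(sender_ip) + bytes(6) + socket.inet_aton(target_ip))
    return (eth + arp).ljust(60, b"\x00")

# Constructed sample capture: two hosts resolving neighbours in a flat /16.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [(0.0, build_request(A, "10.1.0.5", "10.1.7.20")),
          (0.5, build_request(B, "10.1.0.9", "10.1.0.1")),
          (1.0, build_request(A, "10.1.0.5", "10.1.7.21")),
          (1.5, build_request(A, "10.1.0.5", "10.1.7.22")),
          (2.0, build_request(B, "10.1.0.9", "10.1.200.3")),
          (2.5, BROADCAST + A + b"\x08\x00" + bytes(46)),  # not ARP, ignored
          (3.0, build_request(A, "10.1.0.5", "10.1.7.23"))]
```

A per_sender count dominated by one MAC points at a single chatty host, while a tally spread evenly across many senders is the ordinary background of a large broadcast domain.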