Re: [OT] Traffic from ff:ff:ff:ff:ff:ff in switched environment

On Tue, 16-11-2004 at 17:02 -0500, Jason Opperisano wrote:
> it's more likely that ff:ff:ff:ff:ff:ff is the destination mac, not the
> source...

Nope, I was quite surprised too, but that's the src mac.

> arp "who-has" packets are vital to the proper functioning of a local
> area network--it's how each host finds the MAC address associated with
> each IP on the network.

I've seen some viruses lately trying to forge their ip/mask, maybe this
is the cause, since I've never seen traffic FROM that mac.

> the volume of traffic you're seeing is a symptom of the fact that you
> have a /16 configured as a flat, switched network.
> 
> the guy that i learned TCP/IP networking from once told me a good
> guideline is to never have more than 1024 hosts in a single layer-2
> broadcast domain, as the broadcast traffic becomes unmanageable.  he
> knew a whole lot more than i ever will--so i try to stick to that when i
> (re)design a network.

Mmm, it's a /16 but I don't have more than about 500 computers. Maybe I
should resize the network to a /22 or so.

Thank you very much,

Eduardo
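
Added example, not part of the original message: a Python check that flags raw Ethernet II frames whose source MAC is the broadcast address or any other group address, which a valid source can never be, and ARP frames whose sender hardware address differs from the Ethernet source. The function names and all sample addresses are constructed for illustration.

```python
import struct

ETH_P_ARP = 0x0806
BCAST = b"\xff" * 6

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def check_frame(frame):
    """Return a list of findings for one raw Ethernet II frame (bytes)."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    findings = []
    # The low bit of the first octet is the group (I/G) bit. It is only
    # valid in a destination address; a source must be unicast.
    if src == BCAST:
        findings.append("source MAC is the broadcast address")
    elif src[0] & 0x01:
        findings.append(f"source MAC {mac_str(src)} has the group bit set")
    arp = frame[14:]
    if ethertype == ETH_P_ARP and len(arp) >= 28:
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
        sha = arp[8:14]  # sender hardware address inside the ARP payload
        # A mismatch is not always malicious, but it is worth a look.
        if (htype, ptype, hlen, plen) == (1, 0x0800, 6, 4) and sha != src:
            findings.append(f"ARP sender {mac_str(sha)} differs from Ethernet source")
    return findings

def arp_request(eth_src, sha):
    """Build a constructed ARP who-has frame (in memory only) for the samples."""
    eth = BCAST + eth_src + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + bytes([10, 0, 0, 5])
    return eth + arp + b"\x00" * 6 + bytes([10, 0, 0, 1])

HOST = bytes.fromhex("020000000001")  # constructed, locally administered unicast
SAMPLES = {  # constructed frames, not captured traffic
    "normal who-has": arp_request(HOST, HOST),
    "broadcast source": arp_request(BCAST, HOST),
    "group-bit source": arp_request(bytes.fromhex("01005e000001"), bytes.fromhex("01005e000001")),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", check_frame(frame) or "ok")
```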



