# ARP request for XXX.XXX.XXX.XXX

## NightwalkerPL

Hello,

Tonight I'll discover in iptraf this:

```
ARP request for 85.198.212.XXX (46 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (40 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (78 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (46 bytes) from 0002b3af57ad to ffffffffffff on eth0

ARP request for 85.198.212.XXX (46 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (40 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (78 bytes) from 001b382b29eb to ffffffffffff on eth0

ARP request for 85.198.212.XXX (46 bytes) from 0002b3af57ad to ffffffffffff on eth0
```

A lot of red marked packets like the one above.

This is normal or not?

Thanks in advance,

Nightwalker.

----------

## tylerwylie

Sounds like fun, wondering where those packets could come from try tracking down the IP address by subnets.

----------

## UberLord

dhcpcd does an ARP request to check the IP given by the DHCP server is really available or not.

Of course you may or may not be using dhcpcd, but it is the default Gentoo DHCP client.

----------

## gerdesj

 *NightwalkerPL wrote:*   

> Hello,
> 
> Tonight I'll discover in iptraf this:
> 
> ```
> ...

 

We can not determine your network setup by telepathy ...

If it helps, you have some MAC addresses of devices that are ARPing you.  #arp -a will dump your ARP cache and you may get some ideas from the IP addresses that are doing the ARPing.

We need more detail.  For starters what is 85.198.212.xxx, is it your internet connection? a subnet of addresses?

Cheers

Jon

----------

