While experimenting, I noticed something that I don't understand --err
well there are a lot of things I don't understand, but this one bothers
me a bit.
If I kill all the deamons `kill -9 -1`, I would expect that the Linux
machine would be a quiet machine on the network. Not so. It periodically
does an ARP for 204.178.40.255, 204.178.41.255, 42.255, etc. The network
address is 204.178.40.0, netmask is 255.255.248.0. Why would it be
ARPing a broadcast address? In principle, with a netmask of 255.255.248.0,
the broadcast address should be 204.178.47.255, but many machines use
the broadcast address of each 'C' subnet, i.e., 40.255, 41.255, 42.255, etc.
Why would a Linux machine with no `known` network activity even care about
ARPing these addresses? It seems real strange. The ARP cache contains
these addresses, put there I think, when the machine was configured for
routing and transparent proxy:
cisco.analogic.com IP 204.178.40.1 HW 00:00:0C:0A:3E:D3
boneserver.analogic.com IP 204.178.40.210 HW 08:00:00:85:63:33
unknown host IP 204.178.41.255 HW 00:00:00:00:00:00
quark.analogic.com IP 204.178.40.236 HW 00:00:00:00:00:00
unknown host IP 204.178.42.255 HW 00:00:00:00:00:00
skunkworks.analogic.com IP 204.178.40.100 HW 08:00:00:30:91:73
unknown host IP 0.0.0.0 HW 00:00:00:00:00:00
I do not use the routed daemon. Only static routes are configured.
I think that these addresses are being `expired` and the network
code attempts to `refresh` them by sending the ARP who-is message
on the LAN. If so, this might be a tiny bug.
Cheers,
DJ
Richard B. Johnson
Analogic Corporation
Penguin : Linux version 2.1.44 on an i586 machine (66.15 BogoMips).
Warning : It's hard to stay on the trailing edge of technology.
Linux : Engineering tool
Windows : Typewriter