Back on May 7th I posted about a very annoying problem I was having with my news server loosing network connectivity randomly. All tcp ports would disappear except for lpd and then come back some time later. Nothing in the logs indicated any problems. It turns out the root cause of this problem was duplicate IP Address assignments. The IP assigned to the news server had once been assigned to a printer. This printer had been offline for several months because it was broken and waiting for parts, but no one had wiped its configuration when its IP was recycled and assigned to another device, my news server. Everything ran fine until someone reconnected the still broken printer to the network..... This printer then started sending arp reply packets whenever someone arp'ed for the news server's MAC address. Whichever device replied last got its MAC in the arp cache which is what caused the tcp services on the news server to apparently disappear and reappear. We never got an IP Address conflict on the server because no TCP/IP traffic was ever sent to the broken printer because everyone knew it was broken and its queues had been turned off. The news server never saw TCP/IP traffic with its IP address and the wrong MAC because our network is heavily switched; the traffic just never got presented to it when the wrong MAC was in everyone else's arp caches. So this printer just sat there doing nothing except sending arp replies for my news server's IP address and thereby causing havoc. I never even considered this possibility until I noticed the wrong MAC address in the arp cache entry for the news server in my workstation's arp cache. Then everything clicked and a quick tcpdump revealed the culprit. --[Lance] - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
