0

We've been randomly having internet outages at home I've been trying to diagnose. About once a week (randomly), it becomes very unreliable for half a day. About 9/10 of packets get dropped when I ping a server, and the routers I test sometimes fail to obtain a DHCP lease for a long time.

It's unreliable right now. Connected my Ubuntu laptop directly to the modem and ran tcpdump. Saw lots of ARP packets coming in from various routers on the subnet and pretty much nothing else. In some cases saw a DHCP request from my laptop without a response. Watched tcpdump every second for a while. There are about 5000 ARP packets received per second. Is this anywhere close to normal?

I'm suspecting it's related to the outage and also that it's crashing one of my routers, since I usually can't access its web setup page while it's connected to the modem. IDK what to tell the ISP support. The phone support people don't know what a "packet" is, and the problem always goes away by the time they can send a technician (though last the the technician didn't even have an ethernet port on his computer to test with).

Improve this question
7
  • Sounds more like someone is scanning your network.
    – Barmar
    Commented Jan 4, 2018 at 23:40
  • @Barmar The ISP's entire network under the first hop router? The ARP packets say to respond to a different IP address each time, and I don't see why they'd do that. Looks as if tons of routers on the network are performing a DDoS on everyone, but again that seems pointless.
    – sudo
    Commented Jan 4, 2018 at 23:45
  • The ARP requests aren't coming from the router IP? If this is a cable modem, there can be multiple IP subnets on the same cable node, so the router will have multiple IPs, and will use the appropriate one for each ARP.
    – Barmar
    Commented Jan 4, 2018 at 23:52
  • So it sounds like someone may be trying to DDOS your ISP.
    – Barmar
    Commented Jan 4, 2018 at 23:53
  • @Barmar They're coming from other routers' IPs on the same subnet as the address I usually get. To clarify, I'm testing with my laptop connected directly to the modem, not through my own router.
    – sudo
    Commented Jan 5, 2018 at 2:26

1 Answer 1

Reset to default
1

One can only guess at why it's happening. Mine is that the ISPs radius (authentication) servers are not working properly.

I expect that this is breaking DHCP (which sounds like a given). The arp traffic is probably computers trying to find traffic for the wider Internet on the wan interface as there is no gateway. It's not right but it's probably a side effect of the ISP issues and it's DHCP failures.

Improve this answer
1
  • He's since clarified that the ARP packets seem to be coming from other customer routers, not from the head-end router. Doesn't sound like a radius issue.
    – Barmar
    Commented Jan 5, 2018 at 17:18

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .