how-to block ads
The first time A wants to send an IP packet to B, it initiates a conversation like this:
1) A -> FF:FF:FF:FF:FF:FF, ARP who has 10.0.0.2? This is a broadcast ethernet frame. It goes to every computer connected to the segment.
2) B -> A, ARP I have 10.0.0.2. This reply is directed specifically to A.
Now A knows that B is on the same segment as itself and the ip address 10.0.0.2 is associated with the ethernet MAC 00:00:00:00:00:02. Any traffic bound for 10.0.0.2 is then addressed to 00:00:00:00:00:02. It caches this ARP entry so it doesnt have to rebroadcast every time it sends a packet to B.
The same principle applies to a CMTS. All the computers connected to cable modems registered on the CMTS are on a virtual ethernet. When the CMTS receives an ip packet, it sends out a broadcast ARP request to every computer attached to the interface for that subnet to find out what CPE MAC is associated with the IP. Most (all?) markets are now using ip bundling, which means that subnets span multiple interfaces. Because of this, each bundled interface has more customers on it, and thus they see a good deal more ARP traffic than they did back in the @Home days.
An ethernet ARP packet is only 60 bytes long, so the extra traffic does not affect the customers service in any way.
So to sum it all up:
1) Its normal for customers to see lots of ARP requests
2) Its normal for customers to see ARP requests for ip addresses on subnets other than the one their computer is currently on
3) The ARP traffic is harmless.
(SPECIAL THANKS: To the Cox abuse department for this input)
ARP traffic is INCLUDED in your data totals for your connection usage and does count against the amount specified in the Cox usage limitation policy. It is estimated that approximately 1GB per month in traffic to your connection is ARP packets.