Re: Gratuitous and duplicate differences

[Jeff Morriss <jeff.morriss.ws () gmail com>]

On Tue, Sep 13, 2016 at 7:06 PM, Bayu Notonegoro <kotakmilis () gmail com>
wrote:

> Hi All,
> Greetings.
> In wireshark, we can display filter both for arp.isgratuitous and
> arp.duplicate-address-detected. What is the different between both?
> Arp gratuitous is something to detect the duplicate IP. But when i see the
> duplicate-address-detected, i got confused. From what I see is that both
> filter give different output.
> So what are the differences?

A gratuitous ARP is an ARP requests that are basically the machine saying
"I'm here with this address."  Such ARPs have the source and destination IP
addresses set to the same value (the address of the sender).  Gratuitous
ARPs are a general concept--not something specific to Wireshark.

If Wireshark flags an ARP as duplicate-address-detected then that means
Wireshark has seen 2 or more hosts saying they have the same IP address
(or, more specifically, 2 or more MAC addresses advertising the same IP
address) - obviously that's (usually) a bad thing.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe