MontyRee wrote:
> Thanks for your answer.
>
>> Not another card, another network device - the one with
>> 00:23:5E:12:63:FE as it's ethernet MAC address.
>
> There is no another network device as I know.
> Can I check by some command except ifconfig or ip?
You must have at least one other thing on the network - like your router.
> # ip link show
> 1: lo: mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:a0:d1:e7:91:cc brd ff:ff:ff:ff:ff:ff
> 3: eth1: mtu 1500 qdisc noop qlen 1000
> link/ether 00:a0:d1:e7:91:cd brd ff:ff:ff:ff:ff:ff
> 4: sit0: mtu 1480 qdisc noop
> link/sit 0.0.0.0 brd 0.0.0.0
It is some other box.
>> Your eth0 MAC address is: 00:A0:D1:E7:91:CC from the ifconfig output you
>> posted. Look though the rest of the arp list to find the IP address in
>> the 192.168.195.xx range with the 00:23:5E:12:63:FE MAC to see which
>> device is sending the arps.
>
> 00:23:5E:12:63:FE is a cisco vendor device and gateway mac address.
> Is it a bug of the NIC or OS?
The OS just stores arp responses something else sends it. That's
normal. What is odd is that some device on the connected ethernet is
sending arp responses for IP address that don't belong to the same
subnet. That means it is configured to proxy-arp. Long ago people
would sometimes configure routers to proxy-arp and not set default
routes on other equipment but I haven't heard of a setup like that in
years. You might try running wireshark to see if the linux box is
sending arp queries (it shouldn't except for addreses within the
netmask) or if it just collecting broadcasts.
--
Les Mikesell
lesmikesell at gmail.com