A strange arp issue

arp, arp-poisoning, solaris

I have a problem with one of our Solaris servers: an ARP table entry is changing every so often for one of the other servers (WINSERVER) on the network.

It will start out with the correct MAC address for WINSERVER (10.10.10.1), but it is being replaced by other MAC addresses which belong to servers 10.10.10.15 and 10.10.10.29.

The only way to get the correct MAC address is to delete the ARP entry for WINSERVER, and it will discover the correct MAC address again for a limited time.

All servers are on the same network so no routers are involved.

What could be causing this?

Best Answer

Have you sniffed for ARP traffic to see what's being sent out, and from where? That would be my first step. Maybe it's screwing up because the other machines are sending advertisements.

Whatever you find there would lead to your next step. If you have evidence that the other machines are sending ads, log in and check the network config with a fine-tooth comb. Virus scans all around. Look for more strange traffic from them.

If there are no advertisements, but it still changes the ARP table... well, come back and let us know, because I've got no idea.
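
Added example, not part of the original answer: one way to act on the "sniff for ARP traffic" step is to parse captured frames and list every IP address whose ARP sender field has been claimed by more than one MAC. The function names, the sample frames, and the MAC addresses are constructed for illustration; only the IP addresses come from the question, and the parser assumes untagged Ethernet frames.

```python
import socket
import struct
from collections import defaultdict

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an untagged Ethernet frame; return ARP fields or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "eth_src": fmt_mac(frame[6:12]),
        "op": op,  # 1 = request, 2 = reply
        "sender_mac": fmt_mac(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }

def find_conflicts(frames):
    """Return {ip: sorted MACs} for every sender IP claimed by more than one MAC."""
    claims = defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["sender_ip"] != "0.0.0.0":  # ARP probes carry no sender IP
            claims[arp["sender_ip"]].add(arp["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def build(src, op, spa, tpa, tha=b"\x00" * 6, dst=b"\xff" * 6):
    """Construct a sample ARP frame (test data only)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (dst + src + b"\x08\x06" + arp + src + socket.inet_aton(spa)
            + tha + socket.inet_aton(tpa))

# Constructed MACs (locally administered range), not values from the post.
WIN, H15, H29 = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 15, 29))
SAMPLE = [
    build(WIN, 2, "10.10.10.1", "10.10.10.50"),   # genuine reply from WINSERVER
    build(H15, 1, "10.10.10.15", "10.10.10.50"),  # normal request from .15
    build(H15, 2, "10.10.10.1", "10.10.10.1"),    # .15's MAC announcing .1
    build(H29, 1, "10.10.10.1", "10.10.10.50"),   # .29's MAC using .1 as sender
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE).items():
        print(f"{ip} claimed by {', '.join(macs)}")
```

Any IP that appears in the result is being advertised by more than one interface, which points at the hosts whose network configuration should be checked first.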