ARP seeming to not resolve?


27 replies to this topic

#1 DeltaFox


Posted 12 September 2023 - 09:50 AM

I enjoy using forums coupled with hands on experience to better understand things. So as my first post here, I have a question which likely has a simple answer.

In trying to understand more about network traffic I figured, why not just see what Wireshark picks up here at work and then anything I don't understand, I research.

What I'm seeing is a "who is" request from the router for the IP address my machine is using. The following traffic is my computer replying with the MAC address. Then it repeats, so I'm presuming that means the router is not receiving it? Running arp -a returns only the router. There are other devices logged in (at the very least, my cell phone is also on the same network).

Thanks for helping me understand this better!





#2 cryptodan


Posted 12 September 2023 - 03:22 PM

Are you allowed to run Wireshark?

My Linux Systems Specifications: My Desktop - https://dpaste.com/AKGGCBGSW - My Server - https://dpaste.com/8M228Z6ZM - My laptop Arch - https://dpaste.com/FKSMU4MM2

-----------------------------------------------------------------------------

Masters of Science in Computer and Digital Forensics - Stevenson University 
-----------------------------------------------------------------------------
US Navy Veteran - 2002 to 2006 - Blue and Gold and Proud to Serve - Honor, Courage, and Commitment
 

#3 DeltaFox


Posted 12 September 2023 - 06:55 PM

It's passive on a guest network. I didn't submit a formal request. Always open to learning otherwise, but I can't think of anything being revealed or harmed. Not worried about it either way, just trying to learn more.



#4 cryptodan


Posted 12 September 2023 - 07:02 PM

I would submit a request to your IT department, and in Windows you can check ARP without Wireshark:

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/arp


#5 DeltaFox


Posted 12 September 2023 - 07:44 PM

I do appreciate the concern. It's a small company, there is no IT department. Heck, they ask for my input on plenty of the "computer stuff" and I'm trying to learn more. The ARP command only lists the router. I'm curious to understand why the router would be sending the same whois every few seconds or so even though it's receiving the answer. Could it indicate we have a setting configured incorrectly, which would then end up slowing the network down because it's trying to recreate the ARP table? If that's the case, then why is it only looking for the computer I was on rather than other devices?



#6 svim


Posted 12 September 2023 - 11:24 PM

Could it indicate we have a setting configured incorrectly, which would then end up slowing the network down because it's trying to recreate the ARP table? If that's the case, then why is it only looking for the computer I was on rather than other devices?

Keep in mind that when you're running Wireshark on your PC it's scanning and analyzing network traffic based on your PC and its interactions with the local network's router. It's the router that manages and maintains the entire local network you're connected to. And that interacting takes place on a frequent and constant basis -- i.e. whether you're actually doing something that involves network access or not, in the background your PC and the router are constantly exchanging data packets to maintain a connection.



#7 p38cyq


Posted 13 September 2023 - 07:29 AM

arp -a and Wireshark will show IPs and traffic on a specific network, i.e. the "guest" network you are connected to. You won't see the "main" network, only the IP of that same router.



#8 DeltaFox


Posted 14 September 2023 - 01:22 PM

Right, I was only expecting returned IPs on the guest network as I know it's isolated from the business network my workstation uses, so I'm not expecting any results from there. But I also know other devices were connected to the guest at the time, specifically, I know my cell phone was, and I'm sure others were too. The only "who has" request I saw was for the IP of my computer. My computer was able to access the internet.

I guess I'm assuming it's the router sending the request...

Should there be an acknowledgement to the response? Each time the "Who has" comes up, my computer sends a response, it just doesn't seem to be making it. Something isn't clicking here or else it wouldn't keep requesting the information.

So because this is a guest wifi, my machine would only need to know the gateway out right? Is that what causes the ARP table to empty, other devices, including my phone, are not sharing their data? I've never configured something like that before so I'm not sure what normal looks like.
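
An added example, not part of the original posts: one way to check the pattern described above from a capture is to parse the ARP frames and count, per IP, the who-has requests, the is-at replies, and the requests that arrive after a reply was already seen. The MAC addresses and the frame sequence are constructed; the two IP addresses are the ones quoted later in the thread.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample values: the IPs are quoted in the thread, the MACs are made up.
GATEWAY, LAPTOP = IPv4Address("10.128.128.128"), IPv4Address("10.208.178.21")
GW_MAC, LAPTOP_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def build(oper, sha, spa, tha, tpa):
    """Build an Ethernet + ARP frame (constructed test input, not captured traffic)."""
    dst = b"\xff" * 6 if oper == 1 else tha          # requests are broadcast here
    eth = dst + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + sha + spa.packed + tha + tpa.packed

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return oper, sha.hex(":"), IPv4Address(spa), IPv4Address(tpa)

def tally(frames):
    """Per IP: who-has requests, is-at replies, requests seen after a reply, answering MACs."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "after_reply": 0, "macs": set()})
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue                                  # not ARP, or truncated
        oper, sha, spa, tpa = parsed
        if oper == 1:                                 # "who has tpa? tell spa"
            entry = stats[tpa]
            entry["requests"] += 1
            entry["after_reply"] += 1 if entry["replies"] else 0
        elif oper == 2:                               # "spa is at sha"
            stats[spa]["replies"] += 1
            stats[spa]["macs"].add(sha)
    return dict(stats)

# Three request/reply rounds, mirroring the repetition described in the post.
SAMPLE = [build(1, GW_MAC, GATEWAY, b"\x00" * 6, LAPTOP),
          build(2, LAPTOP_MAC, LAPTOP, GW_MAC, GATEWAY)] * 3

if __name__ == "__main__":
    for ip, entry in tally(SAMPLE).items():
        print(ip, entry)
```

More than one MAC in `macs` for a single IP means two devices answered for the same address, which is worth investigating as an address conflict or ARP spoofing.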



#9 cryptodan


Posted 14 September 2023 - 02:41 PM

Ping from your phone and see if arp shows it.


#10 DeltaFox


Posted 16 September 2023 - 08:03 AM

Okay, now I'm confused... I suppose I started out confused.

I have two laptops both connected to the same wifi SSID but are on different subnets.

The first laptop I've been using is 10.208.178.21

The 2nd is 10.80.18.39

The IP for laptop one has been the same, so doesn't that mean something in the network is recognizing the MAC and the router is maintaining the IP over multiple days?

We have an IT contract guy, so next time he's in I will have to ask what's up, unless anyone can think of a reason? I asked the other in house guy that does some of our technology here and he wasn't sure either.

I appreciate the patience! As I mentioned, I'm trying to dive into a real learning of this. Online college degrees look good on paper, but they don't really give much practical application outside the coursework, so I thought exploring the real world a little would help, and it is.

Edit... okay... I see.. He's got it subnetted 255.0.0.0.... so nearly unlimited IPs...

But the PING did NOT work regardless. Going from the first laptop to the new one gave me a "filtered" (Linux) and going from the new to the original was "timed out" (Windows). I presume that's a firewall blocking it?


Edited by DeltaFox, 16 September 2023 - 08:07 AM.


#11 cryptodan


Posted 16 September 2023 - 03:11 PM

Post the network configurations of both Windows and Linux in your next reply.


#12 DeltaFox


Posted 18 September 2023 - 08:52 AM

Windows ipconfig
IP 10.80.18.39
Subnet 255.0.0.0
Gateway 10.128.128.128

Linux ifconfig
IP 10.208.178.21
Subnet 255.0.0.0
Broadcast 255.255.255.10



#13 cryptodan


Posted 18 September 2023 - 09:03 AM

What is your gateway on the second IP?


#14 DeltaFox


Posted 18 September 2023 - 09:09 AM

Same 10.128.128.128



#15 cryptodan


Posted 18 September 2023 - 09:16 AM

The broadcast is kind of weird

 

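
An added example, not part of the original posts: the settings from post #12 can be checked for internal consistency with Python's ipaddress module. It derives the network from IP and mask, compares the reported gateway and broadcast against it, and shows which address a host would resolve with ARP for a given destination; 192.0.2.1 is a constructed off-link destination.

```python
from ipaddress import IPv4Address, IPv4Interface

def check_config(ip, mask, gateway=None, broadcast=None):
    """Return (network, findings) for one interface's reported settings."""
    net = IPv4Interface(f"{ip}/{mask}").network
    findings = []
    if gateway is not None and IPv4Address(gateway) not in net:
        findings.append(f"gateway {gateway} is outside {net}")
    if broadcast is not None and IPv4Address(broadcast) != net.broadcast_address:
        findings.append(f"broadcast {broadcast} does not match {net.broadcast_address}")
    return net, findings

def arp_target(ip, mask, gateway, dest):
    """IP the host resolves with ARP to reach dest: dest if on-link, else the gateway."""
    net = IPv4Interface(f"{ip}/{mask}").network
    dest = IPv4Address(dest)
    return dest if dest in net else IPv4Address(gateway)

# Values as posted in the thread (posts #12 and #14).
WINDOWS = dict(ip="10.80.18.39", mask="255.0.0.0", gateway="10.128.128.128")
LINUX = dict(ip="10.208.178.21", mask="255.0.0.0", gateway="10.128.128.128",
             broadcast="255.255.255.10")

if __name__ == "__main__":
    for name, cfg in (("windows", WINDOWS), ("linux", LINUX)):
        net, findings = check_config(**cfg)
        print(name, net, findings or "consistent")
    # With a 255.0.0.0 mask the other laptop is on-link, so it is resolved directly.
    print(arp_target(WINDOWS["ip"], WINDOWS["mask"], WINDOWS["gateway"], LINUX["ip"]))
    # An off-link destination (constructed) is reached through the gateway instead.
    print(arp_target(WINDOWS["ip"], WINDOWS["mask"], WINDOWS["gateway"], "192.0.2.1"))
```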


