My company is rolling out new credit card payment terminals across Canada and I have been monitoring them with Orion ICMP only since they do not support SNMP. I have noticed them dropping off the network from 2 to 13 minutes randomly. These are all located on remote networks running over 384K frame circuits.
I installed wireshark on a laptop and shipped it up there. After collecting data I noticed that the credit terminal ARP table was getting corrupted. After an ARP update, the ping request would hit the device and the echo response would take place but the destination MAC was corrupted. What was normally the router's Cisco MAC address, was now 53:6f:6c:61:72:57. Guess what that spells, 'solarw'. The first part of the data that Orion pings with. After a few minutes, and an ARP update, the problem corrects itself.
Has anyone had experience with Orion corrupting an ARP table? Does this sound possible? Is the data size that Orion pings with too much? It seems that the windows command line ping only uses 32 bytes of data rather than 65. I will try changing the data size to 32 bytes and see if that helps.
Any input would be appreciated. I have the manufacturer talking to their product team but it would be nice to know if it's Orion that could be at fault. You would think their device could handle a larger ping data size though...
Thanks!
