cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Ping Corrupting ARP Table?

My company is rolling out new credit card payment terminals across Canada and I have been monitoring them with Orion ICMP only since they do not support SNMP.  I have noticed them dropping off the network from 2 to 13 minutes randomly.  These are all located on remote networks running over 384K frame circuits.


 I installed wireshark on a laptop and shipped it up there.  After collecting data I noticed that the credit terminal ARP table was getting corrupted.  After an ARP update, the ping request would hit the device and the echo response would take place but the destination MAC was corrupted.  What was normally the router's Cisco MAC address, was now 53:6f:6c:61:72:57.  Guess what that spells, 'solarw'.  The first part of the data that Orion pings with.  After a few minutes, and an ARP update, the problem corrects itself. 


 Has anyone had experience with Orion corrupting an ARP table?  Does this sound possible?  Is the data size that Orion pings with too much?  It seems that the windows command line ping only uses 32 bytes of data rather than 65.  I will try changing the data size to 32 bytes and see if that helps.


 Any input would be appreciated.  I have the manufacturer talking to their product team but it would be nice to know if it's Orion that could be at fault.  You would think their device could handle a larger ping data size though...


Thanks!

Tags (3)
0 Kudos
5 Replies
Level 17

 Can you try eliminating the data portion of the packet?

In the NPM System Mgr.-> Settings ->Network Tab;

0 Kudos

Is there a reason to have data in the packet at all or is it just for identification purposes?


I thought I would keep it at 32 over the wekend and see if that helps but if it doesn't need anything in there I will eliminate it.


0 Kudos

 Just for identification.

0 Kudos

I deleted all the data and set it to zero bytes and it instantly detected all of my credit card devices as down.  I put some data back in and they were reported as up.


 I could still ping the devices from the server using the command line but the devices didn't like having a zero data packet.


 Is Orion doing anything else that could cause the problems I am having?


 Thanks.

0 Kudos

ICMP packets with 0 bytes payload are detected as an attack by most Firewalls and blocked.


I suspect the IP stack on the POS terminals is not too robust. Try changing Orion to send 32 byte packets

0 Kudos