I have LibreNMS monitoring devices on my home network and it is logging duplicate ICMP packets on my network.
Of the 30+ nodes being monitored, a few (3-4) exhibit this behavior. I can reproduce it occasionally using ping, but it doesn't happen 100% of the time. The most prolific host happens to be my Win10 machine, and has been the focus of my efforts so far.
When I ping this Win10 host from the LibreNMS box, I get this behavior:
And, looking at the packets on the LibreNMS box, I can see two replies both coming from 10.12.17.24. So, I head over to the Win10 machine, and look at packets there:
It appears that the Win10 machine is receiving 2 different requests (same IP, different MAC) and is replying to those 2 different requests. Now, the Dell_ MAC is from the LibreNMS box, but the ARRISGro MAC is actually a firewall machine running Untangle.
Here's the topology:
And here's where I run out of talent. I'm guessing that the Untangle host is (erroneously) receiving the request packet for 10.12.17.24 and simply forwarding it back to 10.12.17.24, resulting in 2 request packets getting sent to 10.12.17.24.
More context: This (dups) is occurring very infrequently... LibreNMS is logging dups about 12-15 times per day for the 10.12.17.24 host. Some days there are no dups. The printer also attached to unifi-switchC occasionally shows some dups, but much less so. Every once in a great while, unifi-switchC will also have dups, but even less frequent. Far and away the worst host is 10.12.17.24...
Why is the Untangle host getting this ICMP packet in the first place? Is unifi-switchA doing this? Is it an ARP problem? How do I resolve this issue?
unifi-switchA is a: Unifi Switch 8 POE-60w v4.3.20.11298
unifi-switchB is a: Unifi Switch 8 v4.3.20.11298
unifi-switchC is a: Unifi Switch 8 v4.3.20.11298
untangle is a: Untangle firewall running in bridge mode on generic hardware
Thanks for any help
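
Added example, not part of the original post: one way to confirm the pattern described above from a capture taken on the target host is to group echo requests by source IP, destination IP, ICMP id and sequence number, and flag any request that arrived from more than one source MAC. The input is assumed to be `tcpdump -e -n icmp` text output; the sample lines, the 10.12.17.5 source address and both MAC addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -e -n icmp` lines. 10.12.17.24 is the host from the post;
# the 10.12.17.5 source address and all MAC addresses are placeholders.
SAMPLE = """\
09:15:01.100101 02:00:00:aa:aa:01 > 02:00:00:cc:cc:24, ethertype IPv4 (0x0800), length 98: 10.12.17.5 > 10.12.17.24: ICMP echo request, id 4711, seq 1, length 64
09:15:01.100350 02:00:00:cc:cc:24 > 02:00:00:aa:aa:01, ethertype IPv4 (0x0800), length 98: 10.12.17.24 > 10.12.17.5: ICMP echo reply, id 4711, seq 1, length 64
09:15:02.101200 02:00:00:aa:aa:01 > 02:00:00:cc:cc:24, ethertype IPv4 (0x0800), length 98: 10.12.17.5 > 10.12.17.24: ICMP echo request, id 4711, seq 2, length 64
09:15:02.101650 02:00:00:bb:bb:02 > 02:00:00:cc:cc:24, ethertype IPv4 (0x0800), length 98: 10.12.17.5 > 10.12.17.24: ICMP echo request, id 4711, seq 2, length 64
09:15:02.101900 02:00:00:cc:cc:24 > 02:00:00:aa:aa:01, ethertype IPv4 (0x0800), length 98: 10.12.17.24 > 10.12.17.5: ICMP echo reply, id 4711, seq 2, length 64
09:15:02.102100 02:00:00:cc:cc:24 > 02:00:00:aa:aa:01, ethertype IPv4 (0x0800), length 98: 10.12.17.24 > 10.12.17.5: ICMP echo reply, id 4711, seq 2, length 64
"""

# Matches only echo requests; replies and non-ICMP lines are ignored.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), .*?: "
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): ICMP echo request, "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def forwarded_duplicates(capture):
    """Return {(src_ip, dst_ip, id, seq): sorted source MACs} for every echo
    request that was seen with more than one Ethernet source MAC."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            key = (m["sip"], m["dip"], int(m["id"]), int(m["seq"]))
            seen[key].add(m["smac"])
    # One source MAC per request is normal, even if the frame shows up twice.
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (sip, dip, ident, seq), macs in forwarded_duplicates(SAMPLE).items():
        print(f"{sip} -> {dip} id={ident} seq={seq} sent by {', '.join(macs)}")
```

Running it over captures from several days shows whether every duplicate carries the same second MAC, which narrows the question to why that one device is putting a copy of the request on the wire.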