Wireshark-users: Re: [Wireshark-users] Scanning subnetwork considered bad or not?
: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx
: Thu, 4 Aug 2011 11:37:51 -0600
On Mon, Jul 25, 2011 at 02:25:29PM +0200, RUOFF, LARS (LARS)** CTR ** wrote:
> After setting up a trap, i finally found the guilty to be the Canon
> Network Scanner utility. (The word "Scanner" here initially stands for
> machines scanning sheets of paper, not networks! ;) )
It's trying to make a network connection of some sort to every IP
address on the subnet. If there isn't already an ARP entry for that IP
address in the local machine's ARP cache, then it has to generate an ARP
request to find it if it's there.
> Ok, so normal behaviour. But isn't this behaviour seriously violating
> LAN netiquette??
> Do a lot of services use this?
I don't think so, but many use almost-just-as-annoying broadcasts which
reach every device anyway.
> I guess that this would be a NO GO in an enterprise environment?
I would say yes, but after years of experience working in such
environments, it turns out that most don't care since it's more
important that things "just work" (no matter how poorly they are
implemented) than "do the right thing" :(.
It would be better to use multicasts and/or a standardized method of
service discovery such as Simple Service Discovery Protocol (SSDP).