Surprising amount of ping chatter on LAN

DominikHoffmann

I just started using Packet Capture and Wireshark for the first time a couple of days ago. Here is what Packet Capture on one IP address (an IKEA Trådfri Gateway, which is a home automation bridge between Ethernet LAN and wireless Zigbee mesh networking) and other addresses produced:

15:30:48.347482 IP 192.168.4.24 > 192.168.1.130: ICMP echo request, id 47921, seq 0, length 64
15:30:48.347643 IP 192.168.4.23 > 192.168.1.130: ICMP echo request, id 36940, seq 0, length 64
15:30:48.347650 IP 192.168.1.130 > 192.168.4.24: ICMP echo reply, id 47921, seq 0, length 64
15:30:48.347808 IP 192.168.1.130 > 192.168.4.23: ICMP echo reply, id 36940, seq 0, length 64
15:30:48.350935 IP 192.168.4.91 > 192.168.1.130: ICMP echo request, id 29955, seq 0, length 64
15:30:48.351100 IP 192.168.1.130 > 192.168.4.91: ICMP echo reply, id 29955, seq 0, length 64
15:30:48.354428 IP 192.168.4.24 > 192.168.1.130: ICMP echo request, id 48433, seq 0, length 64
15:30:48.354594 IP 192.168.1.130 > 192.168.4.24: ICMP echo reply, id 48433, seq 0, length 64
15:30:48.354685 IP 192.168.4.23 > 192.168.1.130: ICMP echo request, id 37452, seq 0, length 64
15:30:48.354851 IP 192.168.1.130 > 192.168.4.23: ICMP echo reply, id 37452, seq 0, length 64
15:30:48.355836 IP 192.168.4.91 > 192.168.1.130: ICMP echo request, id 30467, seq 0, length 64
15:30:48.356003 IP 192.168.1.130 > 192.168.4.91: ICMP echo reply, id 30467, seq 0, length 64
15:30:48.358338 IP 192.168.4.24 > 192.168.1.130: ICMP echo request, id 48945, seq 0, length 64
15:30:48.358506 IP 192.168.1.130 > 192.168.4.24: ICMP echo reply, id 48945, seq 0, length 64
15:30:48.359093 IP 192.168.4.23 > 192.168.1.130: ICMP echo request, id 37964, seq 0, length 64
15:30:48.359261 IP 192.168.1.130 > 192.168.4.23: ICMP echo reply, id 37964, seq 0, length 64

In other words I see a totally unexpected large amount of ping chatter between the Gateway and various nodes on my LAN and between my VELOP nodes and the Gateway. Is this typical for a LAN?

KOM

@dominikhoffmann It might be perfectly normal depending on what's on your network and what they're doing. What are those devices that are doing the pinging, and what are the devices they're pinging?

DominikHoffmann

@kom: 192.168.1.x is my wired LAN, and 192.168.4.x is my wireless LAN. Both are bridged together.

192.168.1.130 is the IKEA Trådfri Gateway.
192.168.4.23 is one Linksys Velop AP.
192.168.4.24 is another Velop AP.

The other hosts on the 192.168.4.x network are iOS or macOS devices.

The reason I posted this was that I have been ignorant so far about whether or not the typical network host automatically pings other LAN hosts as a matter of course.

KOM

@dominikhoffmann No, clients don't typically ping each other but a router pinging its upstream gateway isn't unusual. pfSense also does this to its gateway to monitor its status.

DominikHoffmann

I turned off the Avahi daemon, and the pings stopped. It also allowed me to let my iPhone communicate with the IKEA Trådfri Gateway. Prior to turning off the Avahi daemon, I was unable to add the Trådfri Gateway to HomeKit. Ditto for my Rachio 3 sprinkler controller. Both are now happily accessible in my Home app.

johnpoz

@dominikhoffmann said in Surprising amount of ping chatter on LAN:

192.168.1.x is my wired LAN, and 192.168.4.x is my wireless LAN. Both are bridged together.

Huh? You don't bridge together different L3 networks?

But generally no - devices on a network don't just randomly ping other IPs on the network. A device might ping its gateway, it might ping some external IP to validate its got internet access.

A client might ping a server it talks to for some services. If your running say HAproxy on pfsense it might ping the backends you have setup to validate they are online to send data too..

But no you don't normally see some device pinging .X and then .Y and then .Z etc.. unless its a device meant to do that.. Some sort of monitoring device to check what is on your network, etc.