Hello everyone,
So from my understanding ARP should broadcast, then tables should be updated, and then until an arp table timeout there should be no more need for constant ARP request from say the router to the same host.
When I run wireshark I notice non-broadcast constant arp traffic from my router to my computer. Maybe 20 request in 10 minutes. Its from the router MAC directly to the computers MAC. Why could this be?
Link to Wireshark photo and home network map:
It’s effectively a host-firewall-proof ping mechanism to see if something is still on the network. AWS does something similar with their guest OS reachability checks. Even if your system is blocking all inbound traffic it still has to respond to ARP requests for IP networking to basically work.