We have a product that runs Windows XP Embedded SP1. We configure a fake (does not exist) MAC address for a fake IP in the ARP table. When there is a communication happening, Windows sends packets to the fake MAC and fakeIP and later we change it to real ones in a driver. This is how the software is designed.
The problem is that sometimes Windows starts sending ARP requests for the fake IP even though it has an entry for it in the ARP table. I had no clue why this was happening and, in blind attempt to reproduce the issue, I wrote a script to delete ARP entry then add it again after some seconds. After some attempts, I saw the problem happening.
Any ideas about what should I check/change?
Can you Check the Ethernet Frame MAC Addresses in both cases, in the case where there is an entry and when there is no entry in the arp cache. Additionally, Check your code, I think you will find some reference to the FAKE IP address inside your code (that you might have forgot to change) There are many application layer protocols that require the use of ARP prior to their commmunication, So I think maybe you're using one of these protocols in your code and you instruct the code to communicate with the fake IP address, that's why when you invoke this protocol it uses arp to find the mac address of the fake IP. Let me know if this answers your question.