Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Constant ARP Requests Windows 2000 Advanced Server

Status
Not open for further replies.
zwardle

zwardle

IS-IT--Management
Oct 23, 2003
4
US
On a Windows 2K Advanced Server, I am seeing a problem with multiple ARP requests. The server is sending ARP requests to every machine on the subnet. I have run MS Network Monitor and can confirm thousands of broadcasts are being sent from my machine to the network.

Does anyone have any ideas what could cause this? I have checked for viruses, patched the server and tried everything I can think of but nothing shows up. Any help would be appreciated.
 
Sort by date Sort by votes
I would do the following:

1- Check the ARP table of your Server.

2- Maybe there is an application that activates the ARP
requests in your machine.

3- Check the period of the ARP request packet for each specific address. If it is , 3 seconds which is the default for ARP timeout then change the ARP timeout in the Registry.
It under HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Tcpip \Parameters\InterfacesIt is called "AddressResolutionTimeout"


4- Is your server configured for routing? If yes and many stations are accessing the Server with routing than that is what you would see.
 
Upvote 0 Downvote
I have looked for all open applications and cannot find one that sends these ARP requests. This machine is only connected to a cable modem and does not particiate in a network.

I looked at the registry as you said, and there was no AddressReoslutionTimeout. The server was once configured for routing but the service has been disabled for several months.

Any other ideas?
 
Upvote 0 Downvote
Sorry, I found this traffic isn't coming from my machine but from another machine on the Cable network...

Could this be using my bandwidth and causing collisions?
 
Upvote 0 Downvote
Every additional traffic causes uses up bandwidth and increases the collision probability.
1- In HUBs, old coax installations
2- Switch ports in HDX mode

 
Upvote 0 Downvote
This behaviour is typical of a network analyser/sniffer. Sounds like someone is trying to hack your home network. Hackers tend to use this tool to monitor networks for clear text passwords and other usefull info. Also viruses like the welchia worm or nachi worm have this kind of behaviour. I would disconnect from the internet untill you have identified the problem. Maybe even get some Antivirus software (but not Norton as a lot of viruses are programmed to get around norton with it being one of the most popular).

Hope that helps.

Cheers,

Richie.
 
Upvote 0 Downvote
Hi,
I would suggest that you check into whether you want your cable modem changed out. The newer ones that are out there don't usually move layer 2 traffic like ARPs between different machines.

Pete
 
Upvote 0 Downvote
Pete,
How does traffic get routed if it isn't routed first by layer 2? It has to be resolved somehow, have they changed it to resolve to layer 3 or something now? This is/should be less reliable. Or are you saying they just don't use ARP to resolve MACs? Please elaborate.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zebad
  • Locked
  • Question
TFTP interference from another host (Windows Server , VxWorks Client)
Replies
0
Views
347
Zebad
Zebad
sologeek
  • Locked
  • Question
VPN server help
Replies
0
Views
283
sologeek
sologeek
Luzbel
  • Locked
  • Question
Is ARP Connection oriented or connectionless?
Replies
1
Views
74
allworxguy
allworxguy
Kevinillingw
  • Locked
  • Question
DHCP Router or Server
Replies
0
Views
87
Kevinillingw
Kevinillingw
BartVerkeyn
  • Locked
  • Question
Ping timeout from specific server
Replies
0
Views
69
BartVerkeyn
BartVerkeyn

Part and Inventory Search

Sponsor

Back
Top