my machine appears to be making to many arp requests

Hi,

My xp machine seems to making alot of arp requests, even when my machine is idol. It is not connected to a domin it is a basic home computer using zonealarm firewall.

is there any reason why it would be making so many arp requests?

Cheers
Ian
iang123Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
DCenaculoConnect With a Mentor Commented:
How did you know that your machine is making a lot of arprequests ? Can you see the IP addresses that make the requests, or the IP being requested ? Or any kind of MAC address ? Can you send us the results of this command on your machine: ARP -a ?
0
 
DCenaculoCommented:
Usually many arp request indicates that the default gateway it's not well configured. Is the default gateway well defined ?
0
 
MshineCommented:
I would first start at looking what is running in the backround.

Did you go to MSCONFIG and look at the startup tab? Try unchecking all of the
application set to startup, and see if that helps.

I sounds like you computer is try to connect to the internet, and resolve and
address or look for an update, and is not able to connect. You may have blocked
the offending program with ZoneAlarm..

I would probably 1st shutoff ZoneAlarm to test.. The firewall is a good thing to have
but you may need to look into blocked communications.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
iang123Author Commented:
I have disabled the firewall and some startup options, i will restart the machine let it run for a while and see what happens.
0
 
MshineCommented:
WinXP has a built in firewall if you are patched up to SP2.. You should try just
using that.. In fact maybe that was part of the problem. WinXP turns on the WIN Firewall
during the installation of SP2.. Maybe you had things locked down a bit too much?

If you need help checking to see if WinXP firewall is running, or maybe even block
communication of a particulr APP, let us know.
0
 
MshineCommented:
Also in addition to DCenaculo comment.. What kind of environment is this PC connected to the internet?
Home Network? Right to a Modem? To a router? etc...
0
 
DCenaculoCommented:
Is it possible for you to see witch IP address is ARP looking for ?
0
 
DCenaculoCommented:
ARP resolution happens after name resolution. This means thar the computer already knows the destination IP address. If it is outside the local network, arp will try to get the mac address from the default gateway. If it's not well configured the computer will continue broadcasting arp hopping that the router answer with its mac address witch will not ocurre because the IP that is beeing given it's not correct (if the default gateway is not well configured). It's important to know if all that arp packets are asking for the mac address from the some IP address.
0
 
iang123Author Commented:
thankyou for all your comments,

windows firewall is off.  all the arp requests seem to be coming from all other ip addresses but mine.

Is there any way of saving a capture file to text file and i will show you?

Cheers
Ian
0
 
MshineCommented:
Can you identify these IP addresses? If not you may be the victim of a virus that is using
your machine to store or passon data.

The easiest way to copy this information to a text file from the DOS window is to right click
on the title bar o fthe DOS window, click "Select All", then right click again and click "copy"
From there create a text file and right click and paste it in =to the file, OR right into your
post.

Some questions are still unanswered:

1. What kind of environment is this machine under (network, workgroup, domain, routers, modems)
We need some details.

2. Capture a few of the IP addresses and try a tracert on them. Open up DOS window
by going to START > RUN > CMD

Type in tracert xxx.xxx.xx.xx (x's being the IP address numbers).. This might give you some
details were these IP address are coming from.
0
 
iang123Author Commented:
ok,

this machine is under a normal home setup up. Computer straight to modem, the pc is just using zonealarm fire wall. here are some tracert results. i was worried in case my computer was being used as some kind of "middle man" actually.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\caroline stout>tracert 77.103.60.1

Tracing route to 77-103-60-1.cable.ubr05.gate.blueyonder.co.uk [77.103.60.1]
over a maximum of 30 hops:

  1     6 ms     8 ms     6 ms  77-103-60-1.cable.ubr05.gate.blueyonder.co.uk [7
7.103.60.1]

Trace complete.

C:\Documents and Settings\caroline stout>tracert 80.192.102.1

Tracing route to 80-192-102-1.cable.ubr05.gate.blueyonder.co.uk [80.192.102.1]
over a maximum of 30 hops:

  1    11 ms     8 ms     7 ms  80-192-102-1.cable.ubr05.gate.blueyonder.co.uk [
80.192.102.1]

Trace complete.

C:\Documents and Settings\caroline stout>tracert 77.101.200.1

Tracing route to 77-101-200-1.cable.ubr05.gate.blueyonder.co.uk [77.101.200.1]
over a maximum of 30 hops:

  1     9 ms     8 ms     7 ms  77-101-200-1.cable.ubr05.gate.blueyonder.co.uk [
77.101.200.1]

Trace complete.

it appears only to be going one hop.

Any more advise would be greatly apprciated.


0
 
iang123Author Commented:
ok,

I am attaching a network monitor copy, to see if this helps.
capture.txt
0
 
DCenaculoCommented:
Are those arp requests inside the firewall or outside ?
0
 
iang123Author Commented:
out side by the looks of it
0
All Courses

From novice to tech pro — start learning today.