my machine appears to be making to many arp requests

Hi,

My xp machine seems to making alot of arp requests, even when my machine is idol. It is not connected to a domin it is a basic home computer using zonealarm firewall.

is there any reason why it would be making so many arp requests?

Cheers
Ian
iang123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DCenaculoCommented:
Usually many arp request indicates that the default gateway it's not well configured. Is the default gateway well defined ?
0
MshineCommented:
I would first start at looking what is running in the backround.

Did you go to MSCONFIG and look at the startup tab? Try unchecking all of the
application set to startup, and see if that helps.

I sounds like you computer is try to connect to the internet, and resolve and
address or look for an update, and is not able to connect. You may have blocked
the offending program with ZoneAlarm..

I would probably 1st shutoff ZoneAlarm to test.. The firewall is a good thing to have
but you may need to look into blocked communications.
0
iang123Author Commented:
I have disabled the firewall and some startup options, i will restart the machine let it run for a while and see what happens.
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

MshineCommented:
WinXP has a built in firewall if you are patched up to SP2.. You should try just
using that.. In fact maybe that was part of the problem. WinXP turns on the WIN Firewall
during the installation of SP2.. Maybe you had things locked down a bit too much?

If you need help checking to see if WinXP firewall is running, or maybe even block
communication of a particulr APP, let us know.
0
MshineCommented:
Also in addition to DCenaculo comment.. What kind of environment is this PC connected to the internet?
Home Network? Right to a Modem? To a router? etc...
0
DCenaculoCommented:
Is it possible for you to see witch IP address is ARP looking for ?
0
DCenaculoCommented:
ARP resolution happens after name resolution. This means thar the computer already knows the destination IP address. If it is outside the local network, arp will try to get the mac address from the default gateway. If it's not well configured the computer will continue broadcasting arp hopping that the router answer with its mac address witch will not ocurre because the IP that is beeing given it's not correct (if the default gateway is not well configured). It's important to know if all that arp packets are asking for the mac address from the some IP address.
0
iang123Author Commented:
thankyou for all your comments,

windows firewall is off.  all the arp requests seem to be coming from all other ip addresses but mine.

Is there any way of saving a capture file to text file and i will show you?

Cheers
Ian
0
MshineCommented:
Can you identify these IP addresses? If not you may be the victim of a virus that is using
your machine to store or passon data.

The easiest way to copy this information to a text file from the DOS window is to right click
on the title bar o fthe DOS window, click "Select All", then right click again and click "copy"
From there create a text file and right click and paste it in =to the file, OR right into your
post.

Some questions are still unanswered:

1. What kind of environment is this machine under (network, workgroup, domain, routers, modems)
We need some details.

2. Capture a few of the IP addresses and try a tracert on them. Open up DOS window
by going to START > RUN > CMD

Type in tracert xxx.xxx.xx.xx (x's being the IP address numbers).. This might give you some
details were these IP address are coming from.
0
iang123Author Commented:
ok,

this machine is under a normal home setup up. Computer straight to modem, the pc is just using zonealarm fire wall. here are some tracert results. i was worried in case my computer was being used as some kind of "middle man" actually.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\caroline stout>tracert 77.103.60.1

Tracing route to 77-103-60-1.cable.ubr05.gate.blueyonder.co.uk [77.103.60.1]
over a maximum of 30 hops:

  1     6 ms     8 ms     6 ms  77-103-60-1.cable.ubr05.gate.blueyonder.co.uk [7
7.103.60.1]

Trace complete.

C:\Documents and Settings\caroline stout>tracert 80.192.102.1

Tracing route to 80-192-102-1.cable.ubr05.gate.blueyonder.co.uk [80.192.102.1]
over a maximum of 30 hops:

  1    11 ms     8 ms     7 ms  80-192-102-1.cable.ubr05.gate.blueyonder.co.uk [
80.192.102.1]

Trace complete.

C:\Documents and Settings\caroline stout>tracert 77.101.200.1

Tracing route to 77-101-200-1.cable.ubr05.gate.blueyonder.co.uk [77.101.200.1]
over a maximum of 30 hops:

  1     9 ms     8 ms     7 ms  77-101-200-1.cable.ubr05.gate.blueyonder.co.uk [
77.101.200.1]

Trace complete.

it appears only to be going one hop.

Any more advise would be greatly apprciated.


0
iang123Author Commented:
ok,

I am attaching a network monitor copy, to see if this helps.
capture.txt
0
DCenaculoCommented:
How did you know that your machine is making a lot of arprequests ? Can you see the IP addresses that make the requests, or the IP being requested ? Or any kind of MAC address ? Can you send us the results of this command on your machine: ARP -a ?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DCenaculoCommented:
Are those arp requests inside the firewall or outside ?
0
iang123Author Commented:
out side by the looks of it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.