Solved

URGENT Network Problem

Posted on 2009-03-30
Last Modified: 2012-05-06
I am trying to isolate a server we have that is flooding the network with ARP requests. I am not sure why. I can't seem to find a program that is doing this. I am using a packet sniffer and traced it to this specific PC, and used a program called Active Ports to try to see what executable is actually doing it, but I can't find it.
Packets.bmp
Question by:mrsam3
13 Comments
 
LVL 4

Expert Comment

by:anvanster
ID: 24022294
What is this server's purpose?
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24022307
Have you tried "netstat"? What applications do you have there?
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24022355
Netstat -n
or
Download this (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and run it on the crazed computer.
0
 
LVL 2

Accepted Solution

by:
mrsam3 earned 0 total points
ID: 24022792
I was able to resolve this, it was a Xerox network discovery application that was running as a service for some reason...
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24022846
HOW did you resolve the issue?  You looked at your active services and it told you that your Xerox net discovery was sending ARP floods?
0
 
LVL 2

Author Comment

by:mrsam3
ID: 24023141
No, I saw that it was using 20% CPU, so I killed the exe and the ARP requests stopped.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24023241
I see.  I am fine with you not giving us the points in this case.  However, I do find it amazing that you would have used a packet sniffer prior to checking active processes.  It is a bit easy to overlook, though.

New website title:  Xerox Exploit Brings Server to a Crawl

Good find, and thanks for reposting that info.  I think it will definitely help others.  If I may ask one other thing: how did you find out that this was going on?  Were you receiving notifications?
0
 
LVL 2

Author Comment

by:mrsam3
ID: 24023625
Our users were complaining that the network was slow and the internet was slowing to a crawl (slower than dialup), so I thought we had a spammer or something... So we put the sniffer in and noticed Ethernet broadcasts from the MAC address of our server. So after a bunch of research I looked in the processes and saw the Xerox was taking 20% CPU sometimes and it said Xerox Discovery, so I assumed it was that. Once I killed it our ARP requests ended... But we had no idea where the flood was coming from previously because all our switches are unmanaged.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24023994
Being NETSTAT more than likely was an acceptable answer, I propose the total points offered be split.
0
 
 
LVL 2

Author Comment

by:mrsam3
ID: 24024034
Netstat did not show anything; I even used Active Ports. They were not established connections on the network. They were broadcast packets and not established TCP/IP connections.
0
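The diagnosis this thread arrives at (ARP broadcasts are not connections, so netstat lists nothing, and the source has to be read out of the capture), as an added example that is not part of any post: it parses raw Ethernet frames and ranks source MACs by ARP requests sent and distinct targets probed. The MAC addresses, IP addresses and sample frames are constructed.

```python
import socket
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

def make_arp_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP request frame (used only to construct sample input)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += src_mac + socket.inet_aton(src_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp_request(frame):
    """Return (ethernet_source_mac, target_ip) for an ARP request, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte IPv4-over-Ethernet ARP body
        return None
    src, ethertype = struct.unpack("!6sH", frame[6:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    mac = ":".join(f"{b:02x}" for b in src)
    return mac, socket.inet_ntoa(frame[38:42])  # target protocol address field

def arp_talkers(frames):
    """Rank source MACs by ARP requests sent: [(mac, requests, distinct_targets)]."""
    counts, targets = defaultdict(int), defaultdict(set)
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed:
            mac, target = parsed
            counts[mac] += 1
            targets[mac].add(target)
    return sorted(((m, c, len(targets[m])) for m, c in counts.items()),
                  key=lambda row: row[1], reverse=True)

# Constructed sample capture: one host sweeping a subnet, one normal host, one non-ARP frame.
SERVER = bytes.fromhex("001122334455")
WORKSTATION = bytes.fromhex("00aabbccddee")
SAMPLE = [make_arp_request(SERVER, "192.168.1.10", f"192.168.1.{i}") for i in range(1, 51)]
SAMPLE += [make_arp_request(WORKSTATION, "192.168.1.20", "192.168.1.1")] * 2
SAMPLE.append(b"\xff" * 6 + WORKSTATION + struct.pack("!H", 0x0800) + b"\x00" * 28)

if __name__ == "__main__":
    for mac, requests, distinct in arp_talkers(SAMPLE):
        print(f"{mac}  requests={requests}  distinct_targets={distinct}")
```

A source that sends many requests to many distinct targets is sweeping the subnet, which is the pattern a discovery service produces; a host that repeatedly resolves one gateway address is normal traffic.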
