Solved

URGENT Network Problem

Posted on 2009-03-30
Last Modified: 2012-05-06
I am trying to isolate a server we have that is flooding the network with ARP requests. I am not sure why. I can't seem to find a program that is doing this. I am using a packet sniffer and traced it to this specific PC, and used a program called Active Ports to try to see what executable is actually doing it, but I can't find it.
Question by:mrsam3
13 Comments
 
LVL 4

Expert Comment

by:anvanster
ID: 24022294
What is this server's purpose?
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24022307
Have you tried "netstat"? What applications do you have there?
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24022355
Netstat -n
or
Download this (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and run it on the crazed computer.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24022365
0
 
LVL 2

Accepted Solution

by:
mrsam3 earned 0 total points
ID: 24022792
I was able to resolve this, it was a Xerox network discovery application that was running as a service for some reason...
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24022846
HOW did you resolve the issue?  You looked at your active services and it told you that your Xerox net discovery was sending ARP floods?
0
 
LVL 2

Author Comment

by:mrsam3
ID: 24023141
No, I saw that it was using 20% CPU, so I killed the exe and the ARP requests stopped.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24023241
I see. I am fine with you not giving us the points in this case. However, I do find it amazing that you would have used a packet sniffer prior to checking active processes. It is a bit easy to overlook, though.

New website title:  Xerox Exploit Brings Server to a Crawl

Good find, and thanks for reposting that info. I think it will definitely help others. If I may ask one other thing: how did you find out that this was going on? Were you receiving notifications?
0
 
LVL 2

Author Comment

by:mrsam3
ID: 24023625
Our users were complaining that the network was slow and the internet was slowing to a crawl (slower than dialup), so I thought we had a spammer or something... So we put the sniffer in and noticed Ethernet broadcasts from the MAC address of our server. After a bunch of research I looked in the processes and saw the Xerox was taking 20% CPU sometimes, and it said Xerox Discovery, so I assumed it was that. Once I killed it, our ARP requests ended... But we had no idea where the flood was coming from previously because all our switches are unmanaged.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24023994
Being NETSTAT more than likely was an acceptable answer, I propose the total points offered be split.
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24023996
Being NETSTAT more than likely was an acceptable answer, I propose the total points offered be split.
0
 
LVL 2

Author Comment

by:mrsam3
ID: 24024034
Netstat did not show anything; I even used Active Ports. They were not established connections on the network. They were broadcast packets and not established TCP/IP connections.
0
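The thread's diagnosis hinged on spotting which MAC address was sending the ARP broadcasts, since netstat only lists TCP/UDP endpoints. As an added example (not code from any poster in this thread), the sketch below parses raw Ethernet frames, counts ARP requests per sender MAC, and reports senders above a rate threshold along with how many distinct IPs they asked for. The function names, the `(timestamp, frame_bytes)` capture format, the threshold, and the sample MAC/IP values are all assumptions made for this illustration.

```python
import socket
import struct
from collections import defaultdict

ETH_ARP, ETH_VLAN, ARP_REQUEST = 0x0806, 0x8100, 1

def parse_arp_request(frame):
    """Return (sender_mac, target_ip) for an IPv4 ARP request frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, oper, sha, _spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[off:off + 28])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    return sha.hex(":"), socket.inet_ntoa(tpa)

def arp_talkers(capture, max_per_s):
    """capture: time-ordered list of (timestamp_s, frame_bytes).
    Returns {sender_mac: (requests_per_s, distinct_targets)} above max_per_s."""
    targets = defaultdict(list)
    for _ts, frame in capture:
        req = parse_arp_request(frame)
        if req:
            targets[req[0]].append(req[1])
    if not capture:
        return {}
    span = max(capture[-1][0] - capture[0][0], 1.0)  # avoid divide-by-zero
    return {m: (len(t) / span, len(set(t))) for m, t in targets.items()
            if len(t) / span > max_per_s}

def build_request(src_mac, src_ip, dst_ip):
    """Build a constructed broadcast ARP request frame (sample data only)."""
    sha = bytes.fromhex(src_mac.replace(":", ""))
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REQUEST, sha,
                      socket.inet_aton(src_ip), b"\x00" * 6, socket.inet_aton(dst_ip))
    return b"\xff" * 6 + sha + struct.pack("!H", ETH_ARP) + arp

# Constructed 10 s capture: SERVER sweeps the subnet, PC sends one request.
SERVER, PC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [(i * 0.05, build_request(SERVER, "192.0.2.10", f"192.0.2.{i + 1}"))
          for i in range(200)]
SAMPLE.append((10.0, build_request(PC, "192.0.2.20", "192.0.2.1")))

if __name__ == "__main__":
    print(arp_talkers(SAMPLE, max_per_s=5))
```

A high request rate combined with a large distinct-target count is the signature of a discovery sweep like the one described here; a host that repeatedly asks for the same one or two addresses points at a different problem.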
