URGENT Network Problem

I am trying to isolate a server we have that is flooding the network with ARP requests? I am not sure why?  I can't seem to find a program that is doing this, I am using a packet sniffer and traced it to this specific pc and Used a program called Active Ports to try to see what executable is actually doing it but I can't find it?
Packets.bmp
LVL 2
mrsam3Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

anvansterCommented:
What is this server purpose?
0
anvansterCommented:
Have you tried "netstat" ? What applications do you have there?
0
stlbridgeCommented:
Netstat -n
or
Download this (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and run it on the crazed computer.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

mrsam3Author Commented:
I was able to resolve this, it was a Xerox network discovery application that was running as a service for some reason...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stlbridgeCommented:
HOW did you resolve the issue?  You looked at your active services and it told you that your Xerox net discovery was sending ARP floods?
0
mrsam3Author Commented:
no I saw that it was using 20% cpu so i killed the exe and the arp requests stopped?
0
stlbridgeCommented:
I see.  I am fine with you not giving us the points in this case.  However, I do find it amazing that you would have used a packet sniffer prior to checking active processes.  It is a bit easy to oversite though.  

New website title:  Xerox Exploit Brings Server to a Crawl

Good find, and thanks for reposting that info.  I think it will definately help others.  If I may ask one other thing-  How did you find out that this was going on?  Were you receiving notifications?
0
mrsam3Author Commented:
Our users were complaining that the network was slow and the internet was slowing to a crawl (slower then dialup) so I thought we had a spammer or something...  so we put the sniffer in and noticed Ethernet broadcasts from the mac address of our server. So after a bunch of research I looked in the processes and saw the Xerox was taking 20% cpu some times and it said Xerox Discovery so I assumed it was that, once I killed it our arp requests needed...   But we had no idea where the flood was coming from previously because all our switches are unmanaged
0
stlbridgeCommented:
Being NETSTAT more than likely was an acceptable answer, I propose the total points offered be split.
0
stlbridgeCommented:
Being NETSTAT more than likely was an acceptable answer, I propose the total points offered be split.
0
mrsam3Author Commented:
netstat did not show anyting i even used active ports, they were not established connections on the network.  they were broadcasts packets and not established tcp/ip connections.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.