Dan
asked on
why do I have a lot of broadcast traffic coming from my PC?
ASKER
I do have monitoring software, uv explorer, but it runs at a set time at 10 am every day.
Then I have a manual IP address tracker, and that's only when I manually run it.
I do use PRTG, but the software is on a server, on my computer, I only log into the web portal using my browser.
So if it's some application, I wonder how I"m going to figure out what monitoring company it is?
Also, is that what monitoring software does, arp broadcasts?
Then I have a manual IP address tracker, and that's only when I manually run it.
I do use PRTG, but the software is on a server, on my computer, I only log into the web portal using my browser.
So if it's some application, I wonder how I"m going to figure out what monitoring company it is?
Also, is that what monitoring software does, arp broadcasts?
try to shutdown all monitoring software installed on your pc , then try to capture traffic again
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is crazy, so I shutdown every process on my computer, and it's still happening.
I then went one by one with every service, and shut those down, it's still happening.
I disabled every non windows service, and restarted, and it's still happening.
I'm dumbfounded, not sure what else to do?
I then went one by one with every service, and shut those down, it's still happening.
I disabled every non windows service, and restarted, and it's still happening.
I'm dumbfounded, not sure what else to do?
ASKER
I disabled my 10G nic, and enabled my ethernet nic, it's still doing the same thing, tons of arp broadcasts.
Any more idea's, it always seems like it's something built into windows, as I can't figure this out.
Any more idea's, it always seems like it's something built into windows, as I can't figure this out.
To answer why this is occurring is simple. At some point in the past some software asked to talk with one of the IPs in question.
This could have been a long time in the past + the process asking for the IP, which now ARP is trying to provide a related MAC... this process could be long gone.
Also once ARP begins, this is handled (normally) by your Kernel IP stack, so once started you can't effect this process... well... unless you shutdown Windows completely (hard stop).
This could have been a long time in the past + the process asking for the IP, which now ARP is trying to provide a related MAC... this process could be long gone.
Also once ARP begins, this is handled (normally) by your Kernel IP stack, so once started you can't effect this process... well... unless you shutdown Windows completely (hard stop).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have shutdown my computer numerous ti
ill try the netsh command on monday when i get back into work.
ill try the netsh command on monday when i get back into work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello There, I ran the command, but still there.
David, I understand, I want to trace down what application is doing the scan, it's adding a lot of chatter on my network. taking up bandwidth, and just no real reason for i to occur, only when I start the scan using my applications.
David, I understand, I want to trace down what application is doing the scan, it's adding a lot of chatter on my network. taking up bandwidth, and just no real reason for i to occur, only when I start the scan using my applications.
HI ,
is it possible your PC infected with malware causing arp flooding ?
did you try to check if your pc has no malware working in the backend ..try to install https://www.malwarebytes.com/ and check your system .
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/arp%20flooding%20attack
is it possible your PC infected with malware causing arp flooding ?
did you try to check if your pc has no malware working in the backend ..try to install https://www.malwarebytes.com/ and check your system .
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/arp%20flooding%20attack
ASKER
I'm running malwarebytes now.
Whats strange is, I shutdown every process except system processes and also every non-microsoft service as well, and it still running as well.
Whats strange is, I shutdown every process except system processes and also every non-microsoft service as well, and it still running as well.
ASKER
This is the only threat it found:
https://blog.malwarebytes.com/detections/pum-optional-homepagecontrol/
https://blog.malwarebytes.com/detections/pum-optional-homepagecontrol/
could you please to do packet capture and share it with us .
also what is your operation system ? what is version of operating system ? also what is your NIC model ?
did you try to do update for NIC ?
also what is your operation system ? what is version of operating system ? also what is your NIC model ?
did you try to do update for NIC ?
ASKER
I'm going to run a packet capture in a sec.
The NIC is an Intel 82599 10Giabit Dual port NIC.
I don't think it's the nic as I even disabled it, and enabled my 1G NIC, and same thing was happening.
I am running windows 10.0.18362.959
Release 1903
I suppose I can reinstall the NIC drivers
The NIC is an Intel 82599 10Giabit Dual port NIC.
I don't think it's the nic as I even disabled it, and enabled my 1G NIC, and same thing was happening.
I am running windows 10.0.18362.959
Release 1903
I suppose I can reinstall the NIC drivers
ASKER
regarding the packet capture, I'm thinking, it might have sensitive info, like passwords, so not sure how to search for those and delete them before sending?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did, but nothing came up. Would passwords be included in the packet capture where the passwords are readable?
ASKER
I bought a new SSD drive, so since my computer is slow, I'm going to start fresh and I'll test this here and there to see if it happens again after I install some apps.
Good Luck
do you know these ips for example 102.95 , 102.93 ...etc belong to ?