 |
| Register | FAQ | Members List | Calendar | Links | Search | Today's Posts | Mark Forums Read |
|
||||||||
|
|
#1
04-21-2005, 08:43 AM
|
Residual arp traffic ! ;D
Can anyone suggest a good way to track down an application littering my
network with certain traffic. Heres the thing, I've long ago changed my whole network to a new subnet and doing some packet capturing, I see something looking for hosts on the old subnet, still! Every minute or so the server sends out arp packets for hosts on the old LAN. I have no idea what this could be. I suppose I could start by killing off processes one by one - but this isnt really an option. Coenraad Loubser 
|
|
#2
04-21-2005, 09:16 AM
|
|||
|
|||
|
Re: Residual arp traffic ! ;D
Coenraad Loubser wrote:
> Can anyone suggest a good way to track down an application littering my > network with certain traffic. > > Heres the thing, I've long ago changed my whole network to a new subnet > and doing some packet capturing, I see something looking for hosts on > the old subnet, still! Every minute or so the server sends out arp > packets for hosts on the old LAN. > > I have no idea what this could be. I suppose I could start by killing > off processes one by one - but this isnt really an option. More clues... 10.0.0.0 subnet has long been no more snmp? Im not running that! 10:11:39.757030 IP wblv-146-237-93.telkomadsl.co.za.index-pc-wb > 10.0.0.12.snmp: GetRequest(25) system.sysUpTime.0 10:12:11.298149 IP wblv-146-237-93.telkomadsl.co.za.net-steward > 10.0.0.12.snmp: GetRequest(25) system.sysUpTime.0
|
|
#3
04-21-2005, 09:45 AM
|
|||
|
|||
|
Re: Residual arp traffic ! ;D
Coenraad Loubser <(E-Mail Removed)> wrote:
> Can anyone suggest a good way to track down an application littering my > network with certain traffic. > Heres the thing, I've long ago changed my whole network to a new subnet > and doing some packet capturing, I see something looking for hosts on > the old subnet, still! Every minute or so the server sends out arp > packets for hosts on the old LAN. I suppose you could add an IP alias for an old address to a.n.other machine, so that the arp gets satisfied. You could then watch to see which port is poked, which might give you some clue as to the application. Chris
|
|
#4
04-21-2005, 10:27 AM
|
|||
|
|||
|
Re: Residual arp traffic ! ;D
On 2005-04-21, Coenraad Loubser <(E-Mail Removed)> wrote:
> Coenraad Loubser wrote: >> Can anyone suggest a good way to track down an application littering my >> network with certain traffic. >> >> Heres the thing, I've long ago changed my whole network to a new subnet >> and doing some packet capturing, I see something looking for hosts on >> the old subnet, still! Every minute or so the server sends out arp >> packets for hosts on the old LAN. >> >> I have no idea what this could be. I suppose I could start by killing >> off processes one by one - but this isnt really an option. > > More clues... > 10.0.0.0 subnet has long been no more > > snmp? Im not running that! > > 10:11:39.757030 IP wblv-146-237-93.telkomadsl.co.za.index-pc-wb > > 10.0.0.12.snmp: GetRequest(25) system.sysUpTime.0 > 10:12:11.298149 IP wblv-146-237-93.telkomadsl.co.za.net-steward > > 10.0.0.12.snmp: GetRequest(25) system.sysUpTime.0 Maybe your DSL modem/router? Jarek P.
|
|
#5
04-21-2005, 11:47 AM
|
|||
|
|||
|
Re: Residual arp traffic ! ;D
Coenraad Loubser wrote:
> I have no idea what this could be. I suppose I could start by killing > off processes one by one - but this isnt really an option. You might try examining the contents of the packets, to see what protocol is being used. That should provide clues as to the service.
|
 |
| Tags |
| arp, residual, traffic |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
