If your running Cisco routers, turn on nbar and you can graph (with PRTG) by
protocol. That should help narrow it down. What is your one server that's
arping looking for? Local addresses?
"Ed Flecko" <(E-Mail Removed)> wrote in message
news:F914EC6E-224B-453F-B7AB-(E-Mail Removed)...
> Hey, thanks for the response guys. Let me see if I can answer all of the
> questions:
>
> The two sites are their own subnets. I have a Netgear switch, and I have
the
> T-1 port on the switch mirroring its traffic to the port that I have
ethereal
> listening on. I let the ethereal capture run for about a week. The sole
> purpose of the T-1 is to connect the two sites (subnets). I use PRTG
> (Paessler Router Traffic Grapher) to monitor the traffic. Suggestions?
Thank
> you for your help.
>
> Ed
>
> "Bill Grant" wrote:
>
> > I wouldn't expect to see any ARP traffic on a WAN link. Are the two
> > sites in the same IP subnet? Are you using some sort of bridge?
> >
> > Ed Flecko wrote:
> > > Hi folks,
> > > I have a small 2003 domain of 3 servers and about 35 PCs, with 2 sites
> > > connected via T-1. All 3 servers have 2003 standard, and are fully
> > > patched & updated. All 3 servers are DCs, run DNS and DFS (which I
> > > have had problems with), and 1 server on each site is a DHCP server.
> > > I use McAfee corporate anti-virus. Every day, predictably between
> > > appx. 4-8 am my T-1 is saturated with traffic. I've used ethereal and
> > > captured traffic during this time, and appx. 31% of the traffic is
> > > ARP, 24% is TCP, etc. Of the ARP traffic only, 49% is from one of my
> > > servers! Isn't this unusual (it seems really high to me)?
> > >
> > > I welcome any suggestions and comments. This predictably high
> > > bandwidth saturation is driving me crazy! Comments...suggestions???
> > >
> > > Thank you,
> > > Ed
> >
> >
> >
|
Similar Threads
Linear Mode
