[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] ARP "storms" in Win98
I've come across this for a number of reasons, all of them software related. 1) Yahoo Pager! I had a long discussion with the vendor about why it's trying to communicate with every host on the LAN, they have no clue. 2) HP JetAdmin or JetPrinter drivers, the new version of HP printer drivers allow you to add an HP jet Direct port almost as a local port, this requires that the machine build a list of all available printers on the subnet, hence the ARP storm. I've found that the easiest way to answer this question is to setup one workstation with a known IP on the same segment as a sniffer (NB - this does not have to be on the same segment as the offending machine, ARPs are broadcast). Set the sniffer to capture all data from the offending machine to your test machine. When the offending machine finally ARPs for the test machine's MAC, it will get a response. Whatever software is trying to communicate to every machine on your network will then send out something, evaluate what that something is! In the case of HP JetAdmin is was an SNMP packet for the HP Printer status. Obviously the test machine didn't respond properly so the offending machine continued on it's ARP storm. In the case of Yahoo Pager, it tried to open a TCP session to a particular port (I don't remember which one). You'll see this as a packet with the SYN (Synchronize Sequence Numbers) flag set, check the destination port and determine what applications use that port. Good luck. Daniel Katz-Braunschweig Network Specialist - Iona College MCSE, CNA, A+ -----Original Message----- From: Declan McKibben [mailto:[email protected]] Sent: Wednesday, October 11, 2000 10:57 AM To: [email protected]; [email protected] Cc: [email protected] Subject: [FW1] ARP "storms" in Win98 Sorry if this is a bit off topic but I have a win98 laptop on the lan and it constantly arps for every address on the subnet (which has a 16bit mask!). I have tried static and dhcp addresses, uninstalling the tcpip stack, reinstalling, changing NICs, checking all apps and so on but can't find the culprit. Anyone come across this kind of thing before. I would olike to find out what's wrong beofre doing a rebuild. regards and thanks declan Declan McKibben Dublin Ireland +353-87-2243170 +353-1-8366160 mailto:[email protected] _____________________________________ Get your free E-mail at http://www.ireland.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|