Wireshark · Ethereal-users: Re: [Ethereal-users] Excessive Arps on my network

Ethereal-users: Re: [Ethereal-users] Excessive Arps on my network

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Hansang Bae <hbae@xxxxxxxxxx>

Date: Wed, 11 Aug 2004 00:04:49 -0400

On 11:00 AM 8/10/2004, Krahnke, Kurt wrote:
>I have downloaded and installed ethereal on my network and have begun to 
>do some analysis of packets going over my network.  I am seeing anywhere
>from 65 to 85% arps.  These are coming from several workstations on my
>network
>and they are all sequential.  I see the arp starting at a work station that
>has an
>ip address of 172.16.104.45, it arps to every ip address range in the
>172.16.104.xx
>range.  This means from 1 to 254, with the exception of 45?  I have never
>seen this before,
>do you have any idea what this may be?


Most likely due to a virus.  Ironically, older HP JetDirect software did this too!  The othe possibility is that some scanning software is running on the PCs, but if these are end user PCs, virus would be the most likely culprit.

hsb

References:
- [Ethereal-users] Excessive Arps on my network
  - From: Krahnke, Kurt

Prev by Date: RE: [Ethereal-users] Analysis from a source IP to a destination IP
Next by Date: Re: [Ethereal-users] Help with a decode????
Previous by thread: RE: [Ethereal-users] Excessive Arps on my network
Next by thread: RE: [Ethereal-users] Excessive Arps on my network
Index(es):
- Date
- Thread