Using my Fluke network monitor I will notice that ARP is running anywhere from 50% to 75%. While IP is around 30%...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to 50%. I can't seem to find any rime or reason for this high ARP traffic. It comes and goes at random lasting anywhere from two minutes to hours.
We are currently a single NT4 domain with about 500 nodes running a mixed NT4 workstation & Windows 2000 Pro on a switched network, with both Netbeui and IP protocols active. We are also a part of Trust in an Active Directory.
- You have a worm of some sort that is using the ARP mechanisms to propagate. Variants of Code Red cause ARP flooding.
- Somehow your hosts are not properly caching ARP data and constantly expiring it, possibly generating per-packet requests. I can't see how but it may be some consequence of an overly secure Trust configuration on Active Directory.
I would also sniff the packets to determine if a few hosts are responsible or all of them.
Related Q&A from Loki Jorgenson
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.