What is the best way to determine the cause of an ARP saturated network?

Using my Fluke network monitor I will notice that ARP is running anywhere from 50% to 75%. While IP is around 30%...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

to 50%. I can't seem to find any rime or reason for this high ARP traffic. It comes and goes at random lasting anywhere from two minutes to hours.

We are currently a single NT4 domain with about 500 nodes running a mixed NT4 workstation & Windows 2000 Pro on a switched network, with both Netbeui and IP protocols active. We are also a part of Trust in an Active Directory.

I am not familiar with this phenomenon. It sounds unusual and it would need additional investigation. Here's what I would suggest as working hypotheses in order of priority:

You have a worm of some sort that is using the ARP mechanisms to propagate. Variants of Code Red cause ARP flooding.
Somehow your hosts are not properly caching ARP data and constantly expiring it, possibly generating per-packet requests. I can't see how but it may be some consequence of an overly secure Trust configuration on Active Directory.

I would also sniff the packets to determine if a few hosts are responsible or all of them.

This was last published in February 2004

Related Q&A from Loki Jorgenson

One of my computers cannot communicate with the rest of the network and I can't figure out why.

Is there any easy way to measure EMF/EMI interactions?

Why doesn't my Internet connection work?

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchSDN

128 Technology delivers routing software, SD-WAN on white box

128 Technology integrated its routing software and SD-WAN capabilities with white box CPEs from Lanner. Arrow Electronics will ...

SD-WAN benefits the changing network connectivity landscape

In the latest networking advance, SD-WAN benefits the evolving network connectivity landscape by allowing customers to use less ...

MEF launches SDN certification and specs for Presto APIs

MEF worked with The Linux Foundation and ETSI to develop an NFV and SDN certification to focus on related knowledge and skills. ...

SearchEnterpriseWAN

How to calculate network bandwidth requirements

Figuring out how to calculate bandwidth requirements is vital to ensuring your network runs smoothly, and it's best to get the ...

How types of noise in data communication systems affect the network

Learn about the different types of noise in data communication -- including thermal, intermodulation, cross-talk, impulse and ...

The best VPNs for enterprise use

This slideshow highlights the best VPNs used in enterprise wide-area networks (WANs) and offers principles for designing and ...

SearchUnifiedCommunications

Twilio SIM cards simplify IoT connectivity

Twilio has released programmable SIM cards for IoT connectivity. The Twilio SIM cards connect to the vendor's APIs for voice, ...

Cisco Webex Teams to replace Spark platform

Cisco plans to combine Spark and Webex to provide a single platform for team collaboration and web conferencing. Cisco Webex ...

Google Cloud speech-to-text service gets revamp

Google Cloud speech-to-text service has been updated for improved accuracy through machine learning. The company is also ...

SearchMobileComputing

How to track mobile app metrics

Developers that don't track mobile app health will get little insight into the user experience. Learn these effective strategies ...

Pros and cons of AI for mobile IT

Mobile IT admins should be prepared to take advantage of artificial intelligence technologies, but it's important to be aware of ...

Be prepared to handle a mobile security breach

When it comes to cybersecurity, mobile security often falls by the wayside. Discover these techniques to prepare for a mobile ...

SearchDataCenter

Guide to buying server performance monitoring software

Integration, storage and vendor support all affect whether a performance monitoring tool is right for an organization. Mull over ...

How IBM's data science team quickens users' AI projects

In this Q&A, IBM's Seth Dobrin discusses the rising user interest in machine learning and AI projects and the help inexperienced ...

IBM blockchain technology spotlights mainframes

IBM's blockchain offerings aim to ease enterprise IT concerns by combining Z system mainframe hardware with industry-specific ...

SearchITChannel

Marketing for MSP companies: Still a struggle

While managed service providers continue to struggle with marketing, the list of vendors committing to the channel sales model ...

Expect 5G infrastructure to generate new wave of channel opportunities

It's time to think about 5G. The widespread rollout of 5G infrastructure is likely to create new prospects for channel-provided ...

128 Technology brings routing, SD-WAN to white box CPEs

128 Technology integrated its routing software and SD-WAN capabilities with white box CPEs from Lanner. Arrow Electronics will ...

Related Resources

Dig Deeper on Network Monitoring

Related Q&A from Loki Jorgenson

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.