hi everyone,
i know it's not a typical Avaya question but who knows ? maybe someone
could give me an answer or share his knwonledge/experience.
thanks in advance.
i've recently created a shell script who listen (via tcpdump) ethernet broadcast and
then tell me to the top 10 arp talkers on our LAN (maybe i should post in the script section).
It's based on finding "ARP, Request who-has" into the captured frames.
i've created this script because i noticed that in Cacti RRD graphs (showing Passport fiber port non-unicast frames),
non-unicast frames increased every hour abnormally.
and i've found 10/15 hosts who send every hour many ARP Request to all the IP range. It's about 50 broadcast per second
coming from these 10/15 hosts , every hour and for about 15 minutes. After 15 minutes, broadcast stop and back again
next hour.
I did not found the way on these hosts (Windows XP mainly) to determine the application that cause
broadcast flow. I've tried :
1/ scan (virus, worm, trojan) and nothing was found
2/ disable services one by one and broadcast did'nt stop
3/ task manager and process manager during a broadcast sending and i've seen nothing really obvious.
4/ start a new topic in my favorite ever forum....
Cris
