Thanks to everyone for the suggestions. The mystery is solved.

Here are my troubleshooting steps:

1) I got a 10 BaseT hub and I plugged the cable modem and all the computers
in there.

2) I was not able to ping the default gateway. But I was able to ping any
computer from any other computer.


3) I examined the hub; one of the ports, port 3, was showing unusual Link
activity. (The hub has 5 ports)

   I plugged in a network monitor and found out that the PC on port 3 was
sending 45 broadcasts/second!

4) I examined the capture and found that the broadcasts were ARP requests to
the default gateway!!!!

5) I then examined the ARP cache of the PC and found the following:

63.162.86.1           00-00-00-00-00-00     invalid

6) I deleted the entry and created a static (permanent) ARP entry for the
default gateway

7) I did another network capture: this time the PC was sending TCP traffic
out to random sites on the internet at a rate of 5,569 bytes per second!!!!

8) I went to the Microsoft website and searched their latest security bulletin
looking for symptoms of virus infection

9) I did not have the symptoms of increased CPU activity but when I did a
scan on my PC I found the file "root.exe" under d:\inetpub\wwwroot\

(This file belongs to the Code Red Virus)

10) I cleaned up and patched up the PC; everyone was then able to ping the
default gateway.

-----

What I learned: If I had moved to network capture analysis earlier in the
process I could have saved myself a lot of work!!!

What I still need to understand: how did the broadcast of the infected
machine prevent other machines from pinging the default gateway on the switch?

(please note that all the machines -- even the infected machine-- were able
to ping each other while on the switch)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18332&t=18332
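
The checks from steps 3 to 5, as an added example that is not part of the original post: it flags unresolved entries in `arp -a` output and finds hosts whose ARP request rate for one target exceeds a threshold. The sample cache text, capture records, MAC addresses and the threshold of 10 requests per second are constructed assumptions; only the gateway entry is taken from the post.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output; the first entry is the one quoted in step 5.
ARP_CACHE = """\
  Internet Address      Physical Address      Type
  63.162.86.1           00-00-00-00-00-00     invalid
  63.162.86.21          00-a0-c9-11-22-33     dynamic
"""

ARP_LINE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(\w+)\s*$")

def unresolved_entries(arp_output):
    """Return IPs whose cache entry has an all-zero MAC or type 'invalid'."""
    bad = []
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # header or blank line
        ip, mac, kind = m.groups()
        if mac == "00-00-00-00-00-00" or kind.lower() == "invalid":
            bad.append(ip)
    return bad

def flag_talkers(records, threshold=10):
    """records: (timestamp_seconds, source_mac, target_ip) per ARP request.

    Returns {(source_mac, target_ip): peak requests in any one-second bucket}
    for pairs whose peak reaches the threshold (threshold is an assumption).
    """
    per_second = defaultdict(int)
    for ts, src, target in records:
        per_second[(src, target, int(ts))] += 1
    peak = defaultdict(int)
    for (src, target, _), n in per_second.items():
        peak[(src, target)] = max(peak[(src, target)], n)
    return {pair: n for pair, n in peak.items() if n >= threshold}

# Constructed capture: one host repeats 45 requests for the gateway within a
# second (the rate seen in step 3); another host sends a single normal request.
CAPTURE = [(i / 45.0, "00-a0-c9-aa-bb-03", "63.162.86.1") for i in range(45)]
CAPTURE.append((0.5, "00-a0-c9-aa-bb-01", "63.162.86.1"))

if __name__ == "__main__":
    print("unresolved:", unresolved_entries(ARP_CACHE))
    print("noisy hosts:", flag_talkers(CAPTURE))
```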