Hi Terry My replies below.
> A couple of things as I read this thread- based on speculation as I try > to understand what is going on. > > - some process must intercepting ARP replies and sending out incorrect > ARP reply packets By this it take it you mean some application process? Can in not be the windows networking subsystem? > - winpcap being installed around the time the problem started makes one > wonder if there was some sequence like (based on the fact that winpcap > by itself does nothing) > -- program X installed > -- X intercepts ARP requests and replies to them but works OK in > non-promiscuous mode (why? I don't know) > -- install winpcap, some programs sets the card in promiscuous mode > -- X now gets all ARP requests for all machines and sends replies- or > it has been sending ARP replies all along and in promiscuous mode they > actually get sent > -- the uninstall doesn't work (because it wasn't run or had errors or > the wrong install or ...) > -- some service fires up on reboot and sets card in reboot mode (this > explains why removing the card fixed the problem- the service could not > find it?) Actually removing the card and replacing it with a different one (diff mac address) though exact same model, did NOT solve the problem. It was only when I added a second card (DIFFERENT model - 1000GBps this time) and disabled the first one did the problem go away. > Where X could be netlimiter, trafficstatisic or something else > > Things to do and questions > -- which uninstall was run? (winpcap or trafstatistics) Both and netlimiter uninstall > -- after uninstall if you searched the machine for the winpcap DLLs, > were they found? No.. > -- if winpcap and tra..statistics were installed and netlimiter was not > installed, did the problem still occur? I never tried that - this was a very urgent situation - my may concern was to stop the DOS on the other machines while maintaining uptime on the rogue machine. > -- did you run an anti-virus/spyware program? No I am going to run WinPCap and TrafficStatisic installs through a reg and file sniffer to see exactly what gets modified. ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================