Richard Mundell wrote:
> I took a quick look...
>
> ARP traffic appears to be what is essentially administrative traffic from
> other DSL customers (on the internet side of your connection) so your ISP's
> router can figure out IP address to Ethernet address mappings (might also be
> DHCP traffic... Not sure if that shows up in Wireshark as ARP traffic...
> Happy to be corrected on that!). I'm guessing your PC is directly connected
> to the cable modem without a router? You really should invest in a
> router/firewall to sit between your cable modem and your PC. Hardware
> firewalls are typically more secure than software firewalls and it'll
> isolate you from that ARP traffic (not that it's doing any harm).
> Entry-level Linksys or D-Link products are less than $50 and should work
> straight out of the box.
>
> The other traffic in the capture is a high volume of (failed) DNS lookups
> from your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed this DNS
> entry doesn't exist, but I'm wondering if you might have some malware on
> your PC which is trying to "phone home". Make sure your anti-virus is up to
> date and run a full system scan (and try downloading the Spybot or MS
> Windows Defender products and scanning with those too).
>
> All in all, though, over the 10 second period all of these packets are less
> than 52KB (kilobytes) or 416Kb (kilobits) - no more than 41kb/s on average,
> so that's not the reason why your 6Mb/s connection is running "slow". If you
> do have a malware-infected PC it could be making your network card generally
> run slow. If your PC checks out clean (or you clean it), you might want to
> try another speed test tool before going back to your ISP. There's a good
> free one, geographically located fairly near you, here:
> http://eng.nac.net/bwtest/.
>
> Hope that helps.
>
> Richard
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of IchBin
> Sent: Tuesday, July 10, 2007 10:28 PM
> To: [email protected]
> Subject: [Wireshark-users] Tons of ARP packets...?
>
> Hello all, this is my first post here. I am not a network person and this is
> why I am posting here. Wireshark is running without any problems but having a
> hard time understanding why I am being bombarded with ARP packets.
>
> The end of last week I started to be bombarded with ARP packets. I have a
> Comcast Internet Cable connection. I have a slow 3.5MB/sec connection.
> I'm supposed to get up to 6mb/sec but that is another story by itself.
>
> I am running on Windows XP SP2 and current on all updates. The cable light on
> my modem, for displaying traffic, is just about solidly lit as if
> downloading a large file all the time. I traced about 10 seconds with
> Wireshark and found that three fourths of the traffic are ARP packets.
>
> My concern is the bandwidth that it must be eating up. I initially thought
> that it was a hardware problem on Comcast's network. I called them and they
> checked my connection and said all is OK. They did not see this traffic. On
> my PC the funny thing is that if I sign in to another Windows XP SP admin
> user the cable modem light acts normal again and I do not see the ARP
> traffic.
>
> Can anyone give me some insight or directions on resolving this problem? It
> has to be a problem. I have never seen traffic like this on any modem I have
> ever used. Is this the provider's problem or my problem that I could resolve?
>
> I have attached a 10 trace dump to this message. Here is some of my Network
> connection information:
>
> Physical Address: 00-00-88-24-2B-BA
> IP Address: 69.139.93.171
> Subnet Mask: 255.255.255.0
> Default Gateway: 69.139.93.1
> DHCP Server: 68.87.64.10
> DNS Servers: 68.87.64.146, 68.87.75.194
>
Thank you Richard for your analysis. Sorry I replied to your email address. Well I guess it would be nice if I replied to the "gmane.network.wireshark.user: Authorization required" email...duh

I do run WinXP SP 2 firewall. I was running ZoneAlarm Pro but it was slowing down my machine. I am currently on an old PC that is on its last leg. I am building a new one to replace this one presently. Anyway, I also run Avast! Pro, Ad-Aware SE Pro, SpywareBlaster and naturally Spybot Search and Destroy. Also run Registry Mechanic. I have run HijackThis and Fixwareout and cleaned up a lot of stuff. The problem happened after I cleaned up my machine. I mean to say I have been running clean for a few weeks before this problem.

I have a 591K Host file that I use from http://www.mvps.org/winhelp2002. I would guess this is why there are so many bad DNS lookups. But then again all of the websites in the host file point to my localhost so maybe I should look into this xxz0n3dxx.dyndns.org.

I think my machine is clean now but suspect what you mentioned about the phone-home problem may be true. It's kinda supported by the fact that if I sign off my account which has admin privilege, I use it all of the time, and sign on to another admin user I do not see this activity on the modem.

Yes, I am not going through a router\firewall. It's a direct connection to cable modem and then computer USB port. I was just concerned that all of a sudden my cable modem light is on all of the time like it is doing some heavy work.

--
Thanks in Advance... http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users
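
The three checks discussed in this thread (share of ARP packets, average rate over the capture window, and names whose DNS lookups fail repeatedly), as an added example that is not part of the original messages. The tab-separated row layout, the `triage` function and the sample rows are assumptions constructed for illustration; only the host name comes from the thread.

```python
from collections import Counter

# Constructed sample rows (not the poster's capture). Assumed tab-separated
# columns: frame length, protocol, DNS query name, DNS reply code
# (empty on queries and non-DNS packets; "3" = NXDOMAIN, "0" = no error).
SAMPLE = "\n".join(
    ["60\tARP\t\t"] * 18
    + ["80\tDNS\txxz0n3dxx.dyndns.org\t",
       "140\tDNS\txxz0n3dxx.dyndns.org\t3"] * 2
    + ["74\tDNS\twww.example.com\t", "90\tDNS\twww.example.com\t0"]
)


def triage(rows, seconds, min_failures=2):
    """Summarise a capture export: ARP share, average rate, failing names."""
    total_bytes = 0
    protocols = Counter()
    failures = Counter()
    for line in rows.splitlines():
        if not line.strip():
            continue
        # Pad short rows so a missing trailing column does not raise.
        length, proto, qname, rcode = (line.split("\t") + [""] * 3)[:4]
        total_bytes += int(length)
        protocols[proto] += 1
        # A DNS response with a non-zero reply code is a failed lookup.
        if proto == "DNS" and rcode not in ("", "0"):
            failures[qname.lower()] += 1
    packets = sum(protocols.values())
    return {
        "arp_share": protocols["ARP"] / packets if packets else 0.0,
        # Kilobits per second, with 1 kilobit = 1000 bits.
        "kbit_per_s": total_bytes * 8 / 1000 / seconds,
        # Names that failed repeatedly are the ones worth tracing to a process.
        "suspect_names": sorted(n for n, c in failures.items() if c >= min_failures),
    }


if __name__ == "__main__":
    print(triage(SAMPLE, 10))
```

A high ARP share with a low average rate matches the reading that the broadcast traffic is noise rather than a bandwidth problem, while a name that keeps failing is the lead to follow on the host itself.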
