Did a capture today which showed my laptop sending ARP after ARP requests to unknown IP addresses. Example:
Looking for assistance on how to determine what service or program might be causing this? asked 21 Jun '17, 16:15  geo3d edited 24 Jun '17, 06:59  grahamb ♦ |
2 Answers:
At first look what IP address does your laptop have. I see unicast packet no.134 sourced from IP 192.168.1.142. Probably this is your address. Whereas ARP requests contain "Tell 192.168.1.130", it means they're sourced from 192.168.1.130. So it can be someone's else laptop sending these ARPs and you see them just because they are broadcasts. As for ARPs themselves, this looks like ARP scan. It can be some monitoring software doing discovery. But at first - be sure what PC is the source of it. answered 22 Jun '17, 02:13  Packet_vlad edited 22 Jun '17, 02:14 |
Look for malware. answered 22 Jun '17, 09:08  Velas |
PVlad, thanks and yes the ARP requests are coming from my wife's laptop (sorry I wasn't more clear on that). She's been having some bandwidth issues lately so I first changed wifi channels to something with much less traffic then next day did a scan for further troubleshooting. That's when I noticed the numerous ARP scans. Did a lookup on the web and noticed someone else came across same exact issue but no resolution was provided. I'm trying to pinpoint the source program that is sending the ARP requests.