[WinPcap-users] Criritcal issue: NIC stealing all ARP requests.

[Matthew Tagg]

We have a machine in our datacenter that started stealing ARP's request once we installed WinpCap and Traffic Statistic (http://www.trafficstatistic.com). Marcel Bartels the author  assures me it not related to his application thus I'm wondering if any othe WinPCap users have heard of this.   Basically it is answering ARP's from the switch for IP's that are not assigned to the machine. This had the effect of DOS'ing other boxes on the same switch for which the IP did belong to. It was intermittent because obviously the real box that owned the IP would sometimes beat the rogue machine with an ARP reply.   The very strange things is after winpcap and trafficstatstic where uninstalled, it STILL continued to steal ARP's. Then we swapped out the network card for an identical one, same problem. We eventually installed a second card this time 1000mpbs Realtek and unplugged the 100mpbs from the network. This solved it as a temporary measure.   Also Promiscuous and Brodacast mode where unchecked in the trafficstatistic software.   Additional details: OS: Windows 2003 Network: Realtek 100MBps Other software: Netlimiter (installed 1 week before the incident and later uninstalled too along with winpcap).   Off the top of my head I can suspect: - buggy drivers - winpcap bug - some low-level registry setting changed   Thanks for any help Regards, Matthew