I've recently noticed when I run wireshark that I'm continually getting strange ARP broadcasts. When connected to my router, the source is my physical address MAC, and broadcast asks: Who has 10.59.0.184? Tell 192.168.10.1. Broadcasts are quite consistent but sporadic (a few times a minute, usually in 4-5 packets at a time). If I plug my cable modem directly into my computer, the source is my default gateway MAC and the broadcast asks: Who has 220.127.116.11? Tell 18.104.22.168. It seems when I do this the broadcasts are much less frequent and come in just one packet at a time.
Google says that IP belongs to Cybercorp.inc / 3web corp (my ISP is Rogers). Not sure if that's useful information or not. I'm about 99% sure my machine is not infected with any sort of malware, and just to be safe, I've scanned it with the following: AVG, Avira, Spybot, Malwarebytes, SUPERantispyware, Kaspersky online scan - all of which showed no infection. This wasn't happening about two weeks ago and I can't think of anything I did that might have caused it. Although, this did start around the same time that my download speed doubled (I figured they upgraded their hi-speed "lite" service which is what I'm subscribed to), so maybe it's something my ISP changed.
I have a feeling that this is going to end up being something stupid and make me look like a newbie, which I am, but I just need peace of mind! Any help would be greatly appreciated.
Edit: Ok so after doing a bunch of random stuff like rebooting everything and disconnecting/connecting etc.. it finally seemed to resolve itself, but now I'm getting spammed with a different ARP broadcast message. This one is being broadcast from a different computer connected to the same network and it's spamming me about every two seconds, constantly. Using wireshark on that computer, it shows the source as that computers MAC, the broadcast is asking for the router IP, then the router replies appearing to communicate successfully, except it loops over and over again. Something is definitely screwed up but I think I can rule malware out.
Edited by Freegman, 13 May 2009 - 01:45 PM.