I have wireshark running on a host in my home network, and it seems another host on my network (that was recently cleaned of malware
) is sending ARP requests for a .106 address within my network. That range of addresses is static DHCP for wired networks only in my current network configuration. Wireless hosts get a DHCP address from different block of addresses, and only my wife's machine is logging our network according to the firewall logs. The last time there was a .106 IP address was a very long time ago. This host is the only one making ARP requests for this address. It sends them at approximate 3 minute intervals. This tells me something wants to talk to .106, and I wonder if there is still still some undetected dormant malware (every scan comes up clean). I have stopped all SQL services with no effect. I don't know if there is a legit XP reason to still want to connect to that IP address.
How do I go about finding out what process is trying to talk to .106? Any ideas? I have the SysInternalsSuite, and I am a s/w engr, but not a windows programmer.
thanks in advance,