Need Help Investigating Cause for Network Drops


I am currently investigating to find the cause of numerous 15-60 second network drops throughout the day. This has been fairly consistent over the past few weeks. The problem has been isolated to something in the firewall itself or on the LAN side. The connectivity check from the firewall to the cable modem is clean. We have also set up a box outside the firewall on a static IP and there are no drops.

I am currently using Wireshark captures to compare similar times to our ping logs that show the drops and connectivity issues. One thing I did notice was “Gratuitous ARP for” from two different sources, Intel_4a:44:d0 & Intel_4a:44:a5. One of these is my file server; the other I need to check, but it may be a flaky machine that is not always online.

My question in particular is about the IP ----. This is not the subnet; the subnet in use is 192.168.122.XXX. How can I identify this foreign IP?

Thanks for your assistance ahead of time!




Where in your network did you make the captures?
What was the foreign IP doing? Connecting to a host or a server? What protocol was used?