Since .2 is the Exchange server, it appears that it's receiving UDP traffic from an APIPA-configured host (probably broadcast) and trying to reply to it. Since the 169.-subnet isn't in it's local segment, it uses ISA to respond (Default Gateway) and ISA logs this apparently strange traffic. About all you can do at this point is to run Netmon on the Exchange server until you see that traffic. Then you'll get a MAC address that'll can help you pin down the offender. Also, do you have manageable network devices (switches, routers, etc.)? If so, you could use them to narrow it down. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://jalojash.org/isatools Read the books! ----- Original Message ----- From: "skip" <skip@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 27, 2002 8:47 AM Subject: [isalist] RE: I dont understand all this UDP traffic http://www.ISAserver.org Jim thanks a bunch for the reply, i have been struggling with this issue for quite some time now. To answer your question 192.168.0.2 is the exchange server, 192.168.0.1 is ISA, and yes I am running RRAS on ISA, i used the wizard to set this up, and i dont ues DHCP to hand out ip's, I use a pool, which i reserv in DHCP. Should i do the arp -a on the ISA server, or Exchange to try and locate the culprit? Thnaks Again ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')