I am trying to clean up some items on my network, and I noticed this under my realtime log viewer. A IP address 10.10.10.158 (old Citrix Web interface server) has been turned off for 3 months, and I'm seeing this packet transfered every 3-5 seconds It is always a built ICMP followed by a Teardown. The IP its going to (10.10.11.28) (which is on) is a Citrix netscaler.
Does anyone have any ideas how I can track down these requests coming from this server that is turned off?
Feb 19 2009 09:59:19 302020 10.10.10.158 0 10.10.11.28 7168 Built outbound ICMP connection for faddr 10.10.10.158/0 gaddr 10.10.11.28/7168 laddr 10.10.11.28/7168