1 | initial version |
This is normal and nothing to worry about.
The ARP requests from the first server sounds like a network discovery from Kaspersky to identify all clients in the network. If a client answers to the request, Kaspersky will do further tests like "Is my Kaspersky client software installed and if yes, is it up-to-date?" and so on. The client will then appear in the client overview list of Kaspersky. You could temporary shutdown the Kaspersky services to double-check, if the ARP requests would disappear then.
The ARP requests from the second server to two specific IP addresses are diffcult to guess what they could be. My first guess was an old network drive which was previously reachable over a share on that IP addresses, and which is still configured on server 2. Have you checked that? You could also configure a client with one of the requested IP addresses and capture the traffic on that client. As soon as server 2 gets his answer to the ARP request, he will propably try to open a connection to that client. Depending on which destination port is used, you may can enclose the responsible process.