Well. Since you've captured packets that show that your Trading Server is sending the TCP ACK's with a window size of 0, you at least know the problem is definitely on your side. Which is actually a good thing, because you are in a position to fix it. (There is one thing that might be the issue which would be a problem on their end, I'll talk about that later)
You've also traced the issue to happening during times of increased throughput, also a good thing.
You said the CPU/RAM usage on your Trading Server reported normal. The application you are using, is it by chance configured to use a limited amount of RAM on the host OS? Maybe a limited percent? Because it would stand to reason that if so, as you had more connections and more throughput, there was less RAM available to the application, and therefore less resources available for TCP.
Either way, what OS is your Trading Server using? If you haven't already, you should look into tuning the OS to dedicate more RAM to TCP. In Windows, there are Registry values you can modify. In Linux, there are config files you can edit.
It would also be wise to make sure your Firewall (and nothing else in between) is trying to proxy your TCP sessions. That way you know you are dealing with the full "client to server" TCP connection, and not something in between.
The last thing I can offer is to study the TCP packets being sent from the Stock Exchange to your server just before your server sends a Window Size of 0. In particular, look for the incoming packets to have the value 11 in the IP Header's ECN field (Explicit Congestion Notification -- the last two bits in what used to be DSCP, bits 14 and 15 if you're looking at an IP Header). There is a chance that if both the Client and Server in the communication supported ECN, and a router in transit detected congestion, that it turned these bits on to tell the client and server to slow down their transfers. (This is that thing I said that might be a problem on their end)
I think that (tries to) answer questions 0,1,3. I'll have to dig around a bit more to give you a reliable answer for 2. But I'm pretty confident there is a way.
Well I think you are in luck, as there is a wireshark forum convo that addresses this completely, and describes your situation.
https://ask.wireshark.org/questions/2365/tcp-window-size-and-scaling
Basically, it's not the network, it's more likely the server your traders are all trying to access. The server can't process the packets it's getting at the rate it's getting them (i.e., drinking from the firehose) and thus that message is the result.
Asking about tools, well, wireshark ;)
You need networking monitoring for long-term bandwidth and error graphing/tracking. Cacti and Nagios (or Icinga) are free applications that run on any unix/linux platform. For Windows, you're better off buying something from SolarWinds (you work for a trading firm so they should be able to spend a small amount on this); What's Up Gold would be a decent starting point. Not from SolarWinds but very good is PRTG.
For immediate tools, read more on ping and traceroute in windows. The defaults for those commands are absolutely horrible, and tweaking them can give you better and faster results. If you have a unix/linux system available, mtr is the trace/path-performance tool-of-choice for network administrators.
Best Answer
It seems the destination IP address (172.20.13.122) is not answering the ARP requests. The source IP (172.20.0.31) is trying to reach that address for some reason and thus is continuing sending ARP requests until it gets an answer or it gives up on reaching the host.
The reason could be that the destination host is offline or unreachable, or that the source host has a wrong subnet mask so that it is sending ARP requests instead of sending the packets to the gateway.