MarketingDrive
asked on
Can't resolve UDP port 137 queries
I'm hoping someone can help here. We transitioned from one network to a new one last year when we were sold off. We built the network from scratch. However, since I've been monitoring network traffic I'm seeing an inordinate amount of UDP traffic over port 137 coming from a variety of machines going to our old network IP scheme.
Here's what I've checked:
DHCP, AD and DNS servers: no DNS entries of old IP scheme, no NetBIOS entries of old network.
Old printers: all printers and printer ports mapped to old IP scheme have been removed
Flushed DNS cache
Ran WireShark to confirm NBNS queries
Looked for HOST files/LMHOSTS files - none show any entries
I'm out of ideas what to try or look for. I'm seeing this traffic being generated from a variety of machines on our network, so I'm pretty sure these queries are all coming from the same cause. If I can nail it down on one machine, I'm sure it will fix the problem on all.
PS: I've also done a search on EE and none of the answers to questions similar to mine helped. :)
Here's what I've checked:
DHCP, AD and DNS servers: no DNS entries of old IP scheme, no NetBIOS entries of old network.
Old printers: all printers and printer ports mapped to old IP scheme have been removed
Flushed DNS cache
Ran WireShark to confirm NBNS queries
Looked for HOST files/LMHOSTS files - none show any entries
I'm out of ideas what to try or look for. I'm seeing this traffic being generated from a variety of machines on our network, so I'm pretty sure these queries are all coming from the same cause. If I can nail it down on one machine, I'm sure it will fix the problem on all.
PS: I've also done a search on EE and none of the answers to questions similar to mine helped. :)
137 is used for netbios. This could be because netbios over IP is enabled on these machines. If you have DNS running correctly, you can disable netbios over ip by going into the tcp/ip properties-->advanced-->WI
ASKER
Won't that prevent that server from being able to connect via machine name instead of IP?
Not if DNS is running.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
P.S.
by default - "messenger" service is using UDP 137, u can disable this from "control panel","administrative tools", "services" - look for "Messenger"
by default - "messenger" service is using UDP 137, u can disable this from "control panel","administrative tools", "services" - look for "Messenger"