Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Analyzing network traffic

Posted on 2004-09-01
2
Medium Priority
?
2,608 Views
Last Modified: 2013-11-13
Hi, ran a sniffer for a few seconds and saw this

    Source                               Dest              Protocol      INFO
02:01:00:00:00:00     ----->  Broadcast          0x886f      MS   NLB  Hearbeat


I'm seeing a lot of this traffic. It is 80% of the traffic. Anyone have any idea what it is?

2. Also, the STP protocol is running on my network and I only have one switch in my lab. Why would this be running? (I did have another switch before, but removed it)

3. I'm also noticing the CDP protocol is running on my switch. It is doing the following:

Source                                   Dest                    Protocol       INFO
00:90:f2:44:ae:01           01:00:0c:cc:cc:cc         CDP/VTP      Cisco Discovery Protocol

I know what CDP is for, but what is up with that destination MAC address?
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 11960222
1. it means that there is at least one node running W2K ADV SVR's NLB (netowrk load balancing) service on your network. NLB will generate a huge traffic in the network, as what you have seen. you may NOT locate the node by its MAC address directly, because NLB use VIRTUAL MAC address instead. commonly, a good networking design for NLB is to use an individual and isolated network for heartbeat communication.

2. if you have only ONE switch on the netowork and NO VLAN deployed, you may consider to dsiable STP, to avoid the 30-second delay in packet forwarding from a port when a switch reconfigures.

3. "01:00:0c:cc:cc:cc" is a multicast address, used for locating other CDP enabled network neighbors.

hope it helps,
bbao
0
 

Author Comment

by:dissolved
ID: 11962210
Thanks a lot
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question