?
Solved

Analyzing network traffic

Posted on 2004-09-01
2
Medium Priority
?
2,585 Views
Last Modified: 2013-11-13
Hi, ran a sniffer for a few seconds and saw this

    Source                               Dest              Protocol      INFO
02:01:00:00:00:00     ----->  Broadcast          0x886f      MS   NLB  Hearbeat


I'm seeing a lot of this traffic. It is 80% of the traffic. Anyone have any idea what it is?

2. Also, the STP protocol is running on my network and I only have one switch in my lab. Why would this be running? (I did have another switch before, but removed it)

3. I'm also noticing the CDP protocol is running on my switch. It is doing the following:

Source                                   Dest                    Protocol       INFO
00:90:f2:44:ae:01           01:00:0c:cc:cc:cc         CDP/VTP      Cisco Discovery Protocol

I know what CDP is for, but what is up with that destination MAC address?
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 11960222
1. it means that there is at least one node running W2K ADV SVR's NLB (netowrk load balancing) service on your network. NLB will generate a huge traffic in the network, as what you have seen. you may NOT locate the node by its MAC address directly, because NLB use VIRTUAL MAC address instead. commonly, a good networking design for NLB is to use an individual and isolated network for heartbeat communication.

2. if you have only ONE switch on the netowork and NO VLAN deployed, you may consider to dsiable STP, to avoid the 30-second delay in packet forwarding from a port when a switch reconfigures.

3. "01:00:0c:cc:cc:cc" is a multicast address, used for locating other CDP enabled network neighbors.

hope it helps,
bbao
0
 

Author Comment

by:dissolved
ID: 11962210
Thanks a lot
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question