Solved

Analyzing network traffic

Posted on 2004-09-01
Last Modified: 2013-11-13
Hi, ran a sniffer for a few seconds and saw this

Source                        Dest         Protocol    INFO
02:01:00:00:00:00   ----->    Broadcast    0x886f      MS NLB Heartbeat


I'm seeing a lot of this traffic. It is 80% of the traffic. Anyone have any idea what it is?

2. Also, the STP protocol is running on my network and I only have one switch in my lab. Why would this be running? (I did have another switch before, but removed it)

3. I'm also noticing the CDP protocol is running on my switch. It is doing the following:

Source                                   Dest                    Protocol       INFO
00:90:f2:44:ae:01           01:00:0c:cc:cc:cc         CDP/VTP      Cisco Discovery Protocol

I know what CDP is for, but what is up with that destination MAC address?
Question by:dissolved
Accepted Solution

by:
bbao earned 500 total points
ID: 11960222
1. It means that there is at least one node running W2K ADV SVR's NLB (network load balancing) service on your network. NLB will generate a huge amount of traffic in the network, as you have seen. You may NOT locate the node by its MAC address directly, because NLB uses a VIRTUAL MAC address instead. Commonly, a good networking design for NLB is to use an individual and isolated network for heartbeat communication.

2. If you have only ONE switch on the network and NO VLAN deployed, you may consider disabling STP, to avoid the 30-second delay in packet forwarding from a port when a switch reconfigures.

3. "01:00:0c:cc:cc:cc" is a multicast address, used for locating other CDP-enabled network neighbors.

hope it helps,
bbao
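
Added example, not part of bbao's answer or the original thread: a small classifier that labels the three kinds of layer-2 control frames discussed above and decodes the MAC flag bits behind the "virtual MAC" and "multicast address" remarks. The frames are constructed from the addresses quoted in the question; the STP bridge group address, the LLC/SNAP values and all function names are assumptions supplied here, not taken from the thread.

```python
import struct
from collections import Counter

NLB_HEARTBEAT = 0x886F                        # EtherType from the question's capture
CISCO_MCAST = bytes.fromhex("01000ccccccc")   # CDP/VTP destination from the question
STP_MCAST = bytes.fromhex("0180c2000000")     # IEEE 802.1D bridge group address
CISCO_SNAP = bytes.fromhex("aaaa0300000c")    # LLC/SNAP header with Cisco OUI 00:00:0c
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP"}    # Cisco SNAP protocol IDs

def mac_flags(mac: bytes) -> dict:
    """Decode the group (multicast) and locally-administered bits of a MAC."""
    return {"group": bool(mac[0] & 0x01), "local": bool(mac[0] & 0x02)}

def classify(frame: bytes) -> str:
    """Label one raw Ethernet frame as NLB heartbeat, CDP, VTP, STP or other."""
    if len(frame) < 14:
        return "truncated"
    dst = frame[0:6]
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= 0x0600:                    # Ethernet II: the field is an EtherType
        return "NLB-heartbeat" if type_len == NLB_HEARTBEAT else "other"
    llc = frame[14:22]                        # 802.3: the field is a length, LLC follows
    if len(llc) < 3:
        return "truncated"
    if dst == STP_MCAST and llc[:2] == b"\x42\x42":
        return "STP"
    if dst == CISCO_MCAST and llc[:6] == CISCO_SNAP and len(llc) == 8:
        return SNAP_PIDS.get(struct.unpack("!H", llc[6:8])[0], "cisco-other")
    return "other"

def summarize(frames) -> Counter:
    """Count frames per label, e.g. to see which protocol dominates a capture."""
    return Counter(classify(f) for f in frames)

# Constructed frames (zero-filled payloads), built from the addresses in the thread.
NLB_SRC = bytes.fromhex("020100000000")
SWITCH = bytes.fromhex("0090f244ae01")
NLB = b"\xff" * 6 + NLB_SRC + struct.pack("!H", NLB_HEARTBEAT) + bytes(46)
CDP = CISCO_MCAST + SWITCH + struct.pack("!H", 46) + CISCO_SNAP + b"\x20\x00" + bytes(38)
STP = STP_MCAST + SWITCH + struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35)
SAMPLE = [NLB] * 8 + [CDP, STP]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("NLB source:", mac_flags(NLB_SRC), "CDP dest:", mac_flags(CISCO_MCAST))
```

The locally-administered bit on 02:01:00:00:00:00 is why the source address cannot be matched to a vendor-assigned NIC, and the group bit on 01:00:0c:cc:cc:cc is what makes the CDP destination a multicast address.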

Author Comment

by:dissolved
ID: 11962210
Thanks a lot