Solved

Analyzing network traffic

Posted on 2004-09-01
2
2,462 Views
Last Modified: 2013-11-13
Hi, ran a sniffer for a few seconds and saw this

    Source                               Dest              Protocol      INFO
02:01:00:00:00:00     ----->  Broadcast          0x886f      MS   NLB  Hearbeat


I'm seeing a lot of this traffic. It is 80% of the traffic. Anyone have any idea what it is?

2. Also, the STP protocol is running on my network and I only have one switch in my lab. Why would this be running? (I did have another switch before, but removed it)

3. I'm also noticing the CDP protocol is running on my switch. It is doing the following:

Source                                   Dest                    Protocol       INFO
00:90:f2:44:ae:01           01:00:0c:cc:cc:cc         CDP/VTP      Cisco Discovery Protocol

I know what CDP is for, but what is up with that destination MAC address?
0
Comment
Question by:dissolved
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 11960222
1. it means that there is at least one node running W2K ADV SVR's NLB (netowrk load balancing) service on your network. NLB will generate a huge traffic in the network, as what you have seen. you may NOT locate the node by its MAC address directly, because NLB use VIRTUAL MAC address instead. commonly, a good networking design for NLB is to use an individual and isolated network for heartbeat communication.

2. if you have only ONE switch on the netowork and NO VLAN deployed, you may consider to dsiable STP, to avoid the 30-second delay in packet forwarding from a port when a switch reconfigures.

3. "01:00:0c:cc:cc:cc" is a multicast address, used for locating other CDP enabled network neighbors.

hope it helps,
bbao
0
 

Author Comment

by:dissolved
ID: 11962210
Thanks a lot
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question