DonovanV

Excessive NBNS query activity

I've been watching Wireshark capturing on my wireless connection. I have found that when I am not in my primary network I get a massive amount of NBNS queries going on. My laptop is querying the names of some of my machines that would normally be expected on my primary network. I have tried purging the NetBIOS cache with nbtstat -R but it had no effect. Anyone have any ideas short of turning off NBNS? I figure it's kind of necessary if I am not in an environment that is using a DNS server.

Chris Dent

I advise you install a WINS server and make sure all clients use it if you can.

If the clients are not members of a domain have DHCP (if you can) hand out a NetBIOS Node Type (Option 46) of 0x8 (Hybrid) which will have them check the WINS server before they think about Broadcasting for a name.

If a WINS server is out of the question then you're a bit stuck with the Broadcast traffic unless NetBIOS over TCP/IP is disabled.

Chris
DonovanV

ASKER

Hi Chris-Dent,

  I can see where you're going with that answer. That would definitely solve the issue in my network but may I throw a wrinkle into the situation and see what you think?

  Let's say I set up a WINS server at my home network. One of my nodes is a laptop. As soon as that laptop travels to another network I assume it would start asking everyone on the new network where the names of its cached counterparts are to be found. Honestly my PCs at home don't chatter that much but taking my laptop off site and having it ask everyone where to find the names of my home machines is frustrating to me.

That being the case am I left with uninstalling NetBIOS over TCP and maybe setting up my own DNS server at home?

Thanks much,
D
Chris Dent

It's a bit odd really, unless you had mapped drives, or a domain at home I wouldn't really expect it to be sending out a lot of queries for that network.

You could disable NetBIOS over TCP/IP if you prefer, that certainly gets rid of the traffic, and DNS would allow you to resolve names (although you lose network browsing through My Network Places).

Otherwise you could configure the Node Type on the laptop (I think it can be done in the registry) to Point To Point. That gets rid of broadcast entirely and tells it to use a WINS server only.

Chris
DonovanV

ASKER

Now you see my interest in the heavy broadcasts when I'm off my home network. I don't have mapped drives so my thought was that if NetBIOS kept a cache then if I cleared it it would be fine. Wrong on that one. My other thought is that maybe it's Windows at fault for caching the names. Ever notice the history kept in the My Network Places area? Do you think there is a chance that Windows is asking to resolve those history lines in an attempt to validate them? My laptop obviously has the names it is querying stored somewhere other than the NetBIOS cache. Hmmm....
artthegeek

What are the names that it is trying to resolve?  Chris-D is on the right track asking about mapped drives, but there may be other services that your machine is automatically looking for.  Because it can't resolve the names via the other networks' DNS servers, it's resorting to broadcasts.

Is this machine a part of a domain?
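
One way to answer the question of which names are being broadcast, as an added example that is not part of any post in this thread: a decoder for NBNS name-query payloads (UDP port 137, RFC 1002 first-level encoding) that tallies broadcast queries by name and service suffix. The sample payloads and the host names HOMEPC and MEDIABOX are constructed.

```python
import struct
from collections import Counter

# 16th-byte suffixes commonly seen in name queries (service being looked up).
SUFFIXES = {0x00: "workstation", 0x20: "file server", 0x1B: "domain master browser",
            0x1C: "domain controllers", 0x1D: "local master browser"}

def parse_query(payload):
    """Return (name, suffix, is_broadcast) for an NBNS name query, else None."""
    if len(payload) < 50:                      # 12 header + 34 name + 4 type/class
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    is_response, opcode = bool(flags & 0x8000), (flags >> 11) & 0xF
    if is_response or opcode != 0 or qdcount < 1 or payload[12] != 0x20:
        return None
    enc = payload[13:45]                       # 32 bytes, two per name byte
    if any(not 0x41 <= b <= 0x50 for b in enc):
        return None                            # not first-level encoding ('A'..'P')
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    name = raw[:15].decode("ascii", "replace").rstrip()
    return name, raw[15], bool(flags & 0x0010)  # 0x0010 = B (broadcast) flag

def tally_broadcasts(payloads):
    """Count broadcast name queries per (name, service) pair."""
    counts = Counter()
    for p in payloads:
        q = parse_query(p)
        if q and q[2]:
            counts[(q[0], SUFFIXES.get(q[1], hex(q[1])))] += 1
    return counts

def make_query(txid, name, suffix, flags=0x0110):
    """Build a constructed name-query payload (sample data only)."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + b"\x20" + enc + b"\x00" + struct.pack("!HH", 0x0020, 0x0001)

# Constructed sample: HOMEPC and MEDIABOX are made-up host names.
SAMPLE = [make_query(1, "HOMEPC", 0x20), make_query(2, "HOMEPC", 0x20),
          make_query(3, "HOMEPC", 0x20), make_query(4, "MEDIABOX", 0x00),
          make_query(5, "HOMEPC", 0x20, flags=0x0100),   # unicast (to WINS): not counted
          make_query(6, "HOMEPC", 0x20, flags=0x8500)]   # a response: ignored

if __name__ == "__main__":
    for (name, service), n in tally_broadcasts(SAMPLE).most_common():
        print(f"{n:4d}  {name:<15}  {service}")
```

The suffix column shows which service the laptop is looking for: a run of `<20>` (file server) queries for a home machine points at a saved share or shortcut rather than the NetBIOS name cache.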
ASKER CERTIFIED SOLUTION
DonovanV

artthegeek

Great news -
You may also want to check My Network Places to see if you have any other cached connections.  
You can turn off the option to automatically cache any \\xxxx  network connections using the preferences in ciadv.msc
DonovanV

ASKER

Thanks artthegeek.

I wouldn't have thought the indexing service was responsible for doing that. My guess would have been Explorer. That's good info. One question for you. If I have disabled the indexing service are those settings still applicable?

Thanks,
D