MS NLB Traffic

I am trying to track down the source of MS NLB traffic on my network.  We have dozens of servers in our network so it could be any of them.  I am trying to track down which computer is sending the traffic without logging into each and every one of them and checking network properties.
LVL 2
scottbortisAsked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
NLB uses the nlbs service name in most cases - knowing the range of OS's deployed would be helpful.
What system tools are you using to maintain your environment? SCCM? SCOM?

Two ways immdeiately spring to mind.

The first is cheap and cheerful;
Download and install the 30-day limited full-version of dameware utilities - www.dameware.com
Install it on a local machine as an administrator of the domain.
Click on each server in turn that is listed and hit the services tab - note the ones with nlbs and check those for the nlb instance you want.

The second is harder and also cheap but depends on your own skills.
Use WMI in a script to read the registry values of the nlbReg settings form each server - wherever the value is greater than Nul you have an nlb instance - echo the output to a text fileand this will give you a list of Nlbs servers.
be aware that some versions called it wlbs rather than nlbs
http://technet.microsoft.com/en-us/library/cc781392(WS.10).aspx

Keith
0
 
Naser GabajE&P Software Implementation SpecialistCommented:
Greetings scottbortis,

I would highly recommend using one of those Open source network analyzer tools, and I believe the best in the market is Ethereal, try it and let me know:

http://www.ethereal.com/

Good Luck,

Naser
0
 
scottbortisAuthor Commented:
I had used wireshark to track it down, however the MS NLB protocol doesn't have any start or end point so it is very difficult to track down.  The destination is Broadcast (ff:ff:ff:ff:ff:ff)  and the source is (02:01:00:00:00:00).  So I am unable to track it down using network sniffing tools.  Any other suggestions?

Scott
0
 
scottbortisAuthor Commented:
Does anyone else have any suggestions to try?
0
 
scottbortisAuthor Commented:
bump
0
All Courses

From novice to tech pro — start learning today.