Solved

MS NLB Traffic

Posted on 2009-04-10
7
417 Views
Last Modified: 2012-08-14
I am trying to track down the source of MS NLB traffic on my network.  We have dozens of servers in our network so it could be any of them.  I am trying to track down which computer is sending the traffic without logging into each and every one of them and checking network properties.
0
Comment
Question by:scottbortis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 24123478
Greetings scottbortis,

I would highly recommend using one of those Open source network analyzer tools, and I believe the best in the market is Ethereal, try it and let me know:

http://www.ethereal.com/

Good Luck,

Naser
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24129254
I had used wireshark to track it down, however the MS NLB protocol doesn't have any start or end point so it is very difficult to track down.  The destination is Broadcast (ff:ff:ff:ff:ff:ff)  and the source is (02:01:00:00:00:00).  So I am unable to track it down using network sniffing tools.  Any other suggestions?

Scott
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24151667
Does anyone else have any suggestions to try?
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24217881
bump
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 24457143
NLB uses the nlbs service name in most cases - knowing the range of OS's deployed would be helpful.
What system tools are you using to maintain your environment? SCCM? SCOM?

Two ways immdeiately spring to mind.

The first is cheap and cheerful;
Download and install the 30-day limited full-version of dameware utilities - www.dameware.com
Install it on a local machine as an administrator of the domain.
Click on each server in turn that is listed and hit the services tab - note the ones with nlbs and check those for the nlb instance you want.

The second is harder and also cheap but depends on your own skills.
Use WMI in a script to read the registry values of the nlbReg settings form each server - wherever the value is greater than Nul you have an nlb instance - echo the output to a text fileand this will give you a list of Nlbs servers.
be aware that some versions called it wlbs rather than nlbs
http://technet.microsoft.com/en-us/library/cc781392(WS.10).aspx

Keith
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question