Solved

MS NLB Traffic

Posted on 2009-04-10
7
395 Views
Last Modified: 2012-08-14
I am trying to track down the source of MS NLB traffic on my network.  We have dozens of servers in our network so it could be any of them.  I am trying to track down which computer is sending the traffic without logging into each and every one of them and checking network properties.
0
Comment
Question by:scottbortis
  • 3
7 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 24123478
Greetings scottbortis,

I would highly recommend using one of those Open source network analyzer tools, and I believe the best in the market is Ethereal, try it and let me know:

http://www.ethereal.com/

Good Luck,

Naser
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24129254
I had used wireshark to track it down, however the MS NLB protocol doesn't have any start or end point so it is very difficult to track down.  The destination is Broadcast (ff:ff:ff:ff:ff:ff)  and the source is (02:01:00:00:00:00).  So I am unable to track it down using network sniffing tools.  Any other suggestions?

Scott
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24151667
Does anyone else have any suggestions to try?
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24217881
bump
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 24457143
NLB uses the nlbs service name in most cases - knowing the range of OS's deployed would be helpful.
What system tools are you using to maintain your environment? SCCM? SCOM?

Two ways immdeiately spring to mind.

The first is cheap and cheerful;
Download and install the 30-day limited full-version of dameware utilities - www.dameware.com
Install it on a local machine as an administrator of the domain.
Click on each server in turn that is listed and hit the services tab - note the ones with nlbs and check those for the nlb instance you want.

The second is harder and also cheap but depends on your own skills.
Use WMI in a script to read the registry values of the nlbReg settings form each server - wherever the value is greater than Nul you have an nlb instance - echo the output to a text fileand this will give you a list of Nlbs servers.
be aware that some versions called it wlbs rather than nlbs
http://technet.microsoft.com/en-us/library/cc781392(WS.10).aspx

Keith
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now