?
Solved

MS NLB Traffic

Posted on 2009-04-10
7
Medium Priority
?
425 Views
Last Modified: 2012-08-14
I am trying to track down the source of MS NLB traffic on my network.  We have dozens of servers in our network so it could be any of them.  I am trying to track down which computer is sending the traffic without logging into each and every one of them and checking network properties.
0
Comment
Question by:scottbortis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 24123478
Greetings scottbortis,

I would highly recommend using one of those Open source network analyzer tools, and I believe the best in the market is Ethereal, try it and let me know:

http://www.ethereal.com/

Good Luck,

Naser
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24129254
I had used wireshark to track it down, however the MS NLB protocol doesn't have any start or end point so it is very difficult to track down.  The destination is Broadcast (ff:ff:ff:ff:ff:ff)  and the source is (02:01:00:00:00:00).  So I am unable to track it down using network sniffing tools.  Any other suggestions?

Scott
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24151667
Does anyone else have any suggestions to try?
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24217881
bump
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 24457143
NLB uses the nlbs service name in most cases - knowing the range of OS's deployed would be helpful.
What system tools are you using to maintain your environment? SCCM? SCOM?

Two ways immdeiately spring to mind.

The first is cheap and cheerful;
Download and install the 30-day limited full-version of dameware utilities - www.dameware.com
Install it on a local machine as an administrator of the domain.
Click on each server in turn that is listed and hit the services tab - note the ones with nlbs and check those for the nlb instance you want.

The second is harder and also cheap but depends on your own skills.
Use WMI in a script to read the registry values of the nlbReg settings form each server - wherever the value is greater than Nul you have an nlb instance - echo the output to a text fileand this will give you a list of Nlbs servers.
be aware that some versions called it wlbs rather than nlbs
http://technet.microsoft.com/en-us/library/cc781392(WS.10).aspx

Keith
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This program is used to assist in finding and resolving common problems with wireless connections.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question