Solved

MS NLB Traffic

Posted on 2009-04-10
7
423 Views
Last Modified: 2012-08-14
I am trying to track down the source of MS NLB traffic on my network.  We have dozens of servers in our network so it could be any of them.  I am trying to track down which computer is sending the traffic without logging into each and every one of them and checking network properties.
0
Comment
Question by:scottbortis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
7 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 24123478
Greetings scottbortis,

I would highly recommend using one of those Open source network analyzer tools, and I believe the best in the market is Ethereal, try it and let me know:

http://www.ethereal.com/

Good Luck,

Naser
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24129254
I had used wireshark to track it down, however the MS NLB protocol doesn't have any start or end point so it is very difficult to track down.  The destination is Broadcast (ff:ff:ff:ff:ff:ff)  and the source is (02:01:00:00:00:00).  So I am unable to track it down using network sniffing tools.  Any other suggestions?

Scott
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24151667
Does anyone else have any suggestions to try?
0
 
LVL 2

Author Comment

by:scottbortis
ID: 24217881
bump
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 24457143
NLB uses the nlbs service name in most cases - knowing the range of OS's deployed would be helpful.
What system tools are you using to maintain your environment? SCCM? SCOM?

Two ways immdeiately spring to mind.

The first is cheap and cheerful;
Download and install the 30-day limited full-version of dameware utilities - www.dameware.com
Install it on a local machine as an administrator of the domain.
Click on each server in turn that is listed and hit the services tab - note the ones with nlbs and check those for the nlb instance you want.

The second is harder and also cheap but depends on your own skills.
Use WMI in a script to read the registry values of the nlbReg settings form each server - wherever the value is greater than Nul you have an nlb instance - echo the output to a text fileand this will give you a list of Nlbs servers.
be aware that some versions called it wlbs rather than nlbs
http://technet.microsoft.com/en-us/library/cc781392(WS.10).aspx

Keith
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question