<div>
5478 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;64.496129 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;192.25.205.238 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;224.0.0.150 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;150 → 150 &nbsp;Len=583 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;UDP &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;00:50:56:ac:57:8a &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;00:50:56:ac:57:8a &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;192.25.205.238 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;625<br />
<br />
This is the packet summary that is reoccurring about 100 times a second.
</div>


<div>
The tomcat 6 process is using 26 gb of ram right now.<br />
Netbios is not disabled
</div>


<div>
Did a quick web search, and found this scary reference:<br />
<br />
Port(s) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Protocol &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Service &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Details &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Source<br />
150 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tcp,udp &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sql-net &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Denial of service of Ascend routers through port 150 (remote administration).<br />
References: [CVE-1999-0221]<br />
SQL-NET (IANA official)<br />
<br />
Is it possible that the server is infected? &nbsp;Were you able to see the process name via ProcMon?
</div>


<div>
So you are using NetBIOS with the Tomcat?<br />
The UDP Port 150 is commonly used by NetBIOS<br />
If you need it, then leave it running, but if not, the problem might disappear once it is disabled.
</div>


<div>
Maybe the cluster configuration in the Tomcat is not set properly.<br />
It normally is set to a frequency of 500MS maybe it is somehow set to 5 or something like that.
</div>


<div>
Multiple reoccurring scheduled tasks that were failing were putting sending out all the traffic. &nbsp;Not sure what they are broadcasting but it has calmed down for now. &nbsp;Thank you for the help.
</div>


<div>
<div class="content wysiwyg-content">
We have a windows server 2008 that runs a student information database. &nbsp;Wire shark shows almost 100 packets a second going to a multicast address 224.0.0.150. &nbsp;Any idea what this might be? &nbsp;I am not great with networking so pardon my ignorance of the issue.
</div>
</div>


We have a windows server 2008 that runs a student information database.  Wire shark shows almost 100 packets a second going to a multicast address 224.0.0.150.  Any idea what this might be?  I am not great with networking so pardon my ignorance of the issue.

Lots of multicast traffic from server

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switches / Hubs

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.