Lots of multicast traffic from server

We have a windows server 2008 that runs a student information database.  Wire shark shows almost 100 packets a second going to a multicast address 224.0.0.150.  Any idea what this might be?  I am not great with networking so pardon my ignorance of the issue.
RoccatAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bill BachPresident and Btrieve GuruCommented:
Can you post a sample of the data itself?  Perhaps there is something inside there which will indicate its origin.  Also, is it going out through a specific port, either TCP or UDP?  You can use "NETSTAT -a -b" from an administrative command line to see which application is using that port.  If that doesn't help, then the SysInternals product ProcMon (www.sysinternals.com) will be able to show you which process is transmitting the messages.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RoccatAuthor Commented:
Port 150 UDP
0
RoccatAuthor Commented:
5478      64.496129      192.25.205.238      0      224.0.0.150      150 → 150  Len=583      UDP      00:50:56:ac:57:8a      00:50:56:ac:57:8a      192.25.205.238      625

This is the packet summary that is reoccurring about 100 times a second.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

awed1Commented:
This could have to do with Net BIOS Is it disabled throughout?
Check if the computer with the .238 address has it enabled.
0
RoccatAuthor Commented:
The tomcat 6 process is using 26 gb of ram right now.
Netbios is not disabled
0
Bill BachPresident and Btrieve GuruCommented:
Did a quick web search, and found this scary reference:

Port(s)       Protocol       Service       Details       Source
150       tcp,udp       sql-net       Denial of service of Ascend routers through port 150 (remote administration).
References: [CVE-1999-0221]
SQL-NET (IANA official)

Is it possible that the server is infected?  Were you able to see the process name via ProcMon?
0
awed1Commented:
So you are using NetBIOS with the Tomcat?
The UDP Port 150 is commonly used by NetBIOS
If you need it, then leave it running, but if not, the problem might disappear once it is disabled.
0
awed1Commented:
Maybe the cluster configuration in the Tomcat is not set properly.
It normally is set to a frequency of 500MS maybe it is somehow set to 5 or something like that.
0
Craig BeckCommented:
224.0.0.150 is an unassigned multicast address.  It has nothing to do with UDP port 150 though.

Can you post a wireshark log?
0
RoccatAuthor Commented:
Multiple reoccurring scheduled tasks that were failing were putting sending out all the traffic.  Not sure what they are broadcasting but it has calmed down for now.  Thank you for the help.
0
RoccatAuthor Commented:
Thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.