Server Statistics for \\JAS5100

Statistics since 10/8/2003 8:52 AM

Sessions accepted                  1
Sessions timed-out                 0
Sessions errored-out               0

Kilobytes sent                     10
Kilobytes received                 14

Mean response time (msec)          0

System errors                      0
Permission violations              0
Password violations                0

Files accessed                     13
Communication devices accessed     0
Print jobs spooled                 0

Times buffers exhausted

  Big buffers                      0
  Request buffers                  0

The command completed successfully.

-----Original Message-----
From: stefano tufillaro [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 2:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT Received Packets

What is the result of net stats server ?

>From: "Salandra, Justin A." <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: RE: [ActiveDir] OT Received Packets
>Date: Wed, 8 Oct 2003 13:31:07 -0400
>
>I ran ethereal and netmon and don't show any traffic to my computer, but
>look above, I get 5,000,000 packets
>
> -----Original Message-----
>From: Garello, Kenneth [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, October 08, 2003 1:06 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [ActiveDir] OT Received Packets
>
>I think someone mentioned previously that it is possible that the wrong
>adapter might be chosen.
>
>Justin,
> Make sure that you are not choosing the dial up adapter that always
>appears in the list. That should be apparent though, because you would
>receive at most two packets. Other than that you should still see the
>occasional broadcasts regardless of promiscuous mode.
>
>Ken
>
>-----Original Message-----
>From: Roger Seielstad [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, October 08, 2003 8:01 AM
>To: '[EMAIL PROTECTED]'
>Subject: RE: [ActiveDir] OT Received Packets
>
>Let's leave NIC's private life out of this, ok?
>
>The NIC shouldn't need to go promiscuous for the simple fact that he's
>trying to find packets that are hitting that box - so it's only got to see
>traffic that's destined for it. The flip side of that is that I don't
>remember the last NIC I bought which couldn't go promiscuous, so I doubt
>that's the issue, unless it's an OLD POS model.
>
>I'm thinking it might actually be a filter in NetMon that's causing the
>issue - but I don't know exactly why.
>
>--------------------------------------------------------------
>Roger D. Seielstad - MTS MCSE MS-MVP
>Sr. Systems Administrator
>Inovis Inc.
>
> > -----Original Message-----
> > From: Rick Kingslan [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 07, 2003 9:59 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] OT Received Packets
> >
> > Total and complete speculation as I can't imagine in my wildest dreams
> > as to why NetMon isn't picking up all of these 1000's of packets that
> > Justin is seeing. The shim isn't able to read? <shrug>
> >
> > Yeah, I've seen some pretty messed up stuff in NetMon as well. In fact,
> > the reverse is true - I've seen stuff in NetMon that Ethereal wasn't
> > able to correctly read.
> >
> > I suspect that the biggest issue is that the NIC is not promiscuous.
> >
> > Rick Kingslan MCSE, MCSA, MCT
> > Microsoft MVP - Active Directory
> > Associate Expert
> > Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Joe
> > Sent: Tuesday, October 07, 2003 8:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] OT Received Packets
> >
> > Yes. :o)
> >
> > I have not heard of ethereal being able to pick up packets that netmon
> > can't. Have you positive experience of this or is it theory? I have
> > seen some pretty hokey packets in netmon.
> >
> > joe
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> > Sent: Tuesday, October 07, 2003 8:50 PM
> > To: [EMAIL PROTECTED]
> >
> > Joe,
> >
> > If the NIC can't get into promiscuous mode, won't it ignore packets
> > that are *not* addressed to it? IOW, a packet comes in for another
> > machine. It notes that the packet came in (via the stats at the In -
> > Out [which, I question to some degree anyway]) but it's not for me.
> > Because I'm not in promiscuous mode, I don't (can't) copy it, so I drop
> > it. Because it wasn't copied, it's not passed to the NetMon shim.
> > However, a packet that *IS* addressed to me shows up and is passed up
> > the stack and is read as well by the NetMon shim. This one shows up in
> > the trace buffer.
> >
> > Also, isn't it possible that the packets that are showing up at
> > Justin's system are corrupted? NetMon may or may not deal with it
> > properly (can't answer that one, honestly). Ethereal does, however,
> > present even the corrupt packets with some ability to determine what
> > might be the problem. The Pcap module does seem to be a bit ahead of
> > the shim that NetMon uses.
> >
> > Yes, I know - but if the packets show up in the in-out counter on
> > Justin's system, but no one else's - they must be destined for his
> > system. Heck, I dunno. Me, I'm just one of the team here, and I'm
> > counting on my supporting cast. Rick can't do everything.... (to
> > paraphrase the football commercial.....)
> >
> > ;p
> >
> > Rick Kingslan MCSE, MCSA, MCT
> > Microsoft MVP - Active Directory
> > Associate Expert
> > Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Joe
> > Sent: Tuesday, October 07, 2003 6:55 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] OT Received Packets
> >
> > Shouldn't need to. NETMON will see everything Ethereal will. If the
> > traffic is hitting that NIC, it should be visible in NETMON unless the
> > NIC can't go into promiscuous mode. Even still, anything addressed to
> > that machine should be visible.
> >
> > joe
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran
> > Sent: Tuesday, October 07, 2003 4:55 PM
> > To: [EMAIL PROTECTED]
> >
> > Salandra, Justin A. wrote:
> > > I am watching my interface in netmon and there is nothing coming up.
> > > I see other traffic on the network.
> >
> > You could install Ethereal (http://www.ethereal.com) which will capture
> > and analyze individual packets.
> >
> > That would answer the question once and for all, since you'd be able to
> > see details of every single packet. At the rate you're gathering
> > incoming packets, you should only need a few seconds worth of capture
> > to find out where it's coming from.
> >
> > > -----Original Message-----
> > > From: Joe [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 06, 2003 10:36 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] OT Received Packets
> > >
> > > I would guess that it is probably mostly ARPs and other broadcasts. I
> > > would say whoever mentioned the viruses is probably accurate, but
> > > open that up to all of the broadcast and searching viruses like mumu
> > > and code red and nimda and ... And ... And ... And ...
> > >
> > > Whatever traffic it is though, it should be readily available in
> > > netmon unless the wrong interface is being watched.
> > >
> > > joe
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
> > > Sent: Monday, October 06, 2003 2:35 PM
> > > To: '[EMAIL PROTECTED]'
> > >
> > > My first thought is that it might be machine policy, but it sounds
> > > like the traffic is fairly continuous, as opposed to just after boot.
> > >
> > > Are you running any p2p software?
> > >
> > > -g
> > >
> > > -----Original Message-----
> > > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 06, 2003 10:47 AM
> > > To: '[EMAIL PROTECTED]'
> > > Subject: RE: [ActiveDir] OT Received Packets
> > >
> > > Netmon is gathering traffic but not showing all the packets that I am
> > > receiving.
> > >
> > > I am finding these numbers by going into Network and clicking on the
> > > status of my network connection. Right now I have 29,000 packets
> > > received and 5,000 sent and my laptop has been on for an hour.
> > >
> > > -----Original Message-----
> > > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 06, 2003 1:26 PM
> > > To: '[EMAIL PROTECTED]'
> > > Subject: RE: [ActiveDir] OT Received Packets
> > >
> > > "I have run network monitor and can not find what the traffic is that
> > > I am receiving."
> > >
> > > Meaning that NETMON is not showing any traffic? Or that NETMON can't
> > > identify the traffic?
> > >
> > > How are you determining that you are actually receiving this traffic?
> > > PERFMON?
> > >
> > > -gil
> > >
> > > -----Original Message-----
> > > From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 06, 2003 5:39 AM
> > > To: ActiveDir (E-mail)
> > > Subject: [ActiveDir] OT Received Packets
> > >
> > > This is a little off topic, but I have to ask. My Laptop within
> > > minutes of being turned on receives over 7,000 packets and sends only
> > > 300 or so. In 15 minutes I will have over 30,000 received packets. My
> > > computer is the only one this is happening to.
> > >
> > > I have run network monitor and can not find what the traffic is that
> > > I am receiving. I have run an antivirus scan on my computer with
> > > updated DAT files and found nothing. I have looked at my services and
> > > did not find anything different.
> > >
> > > This only happens on my work network, not at home. Does anyone have
> > > any ideas?
> > >
> > > Justin A. Salandra, MCSE
> > > Senior Network Engineer
> > > Catholic Healthcare System
> > > 212.752.7300 - office
> > > 917.455.0110 - cell
> > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > >
> > > List info   : http://www.activedir.org/mail_list.htm
> > > List FAQ    : http://www.activedir.org/list_faq.htm
> > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> > --
> > Bill Moran
> > Potential Technologies
> > http://www.potentialtech.com
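
Added example, not part of the original thread: the discussion turns on which frames a NIC outside promiscuous mode passes up to a capture tool (frames addressed to it, plus broadcasts) and on using a few seconds of capture to find where the traffic comes from. The sketch below classifies raw Ethernet II frames that way and ranks the senders; the MAC addresses and frame mix are constructed, all function names are hypothetical, and treating every multicast group as joined is a simplifying assumption.

```python
from collections import Counter

BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def classify(dst: bytes, own_mac: bytes) -> str:
    """Why a non-promiscuous NIC passes a frame up, or 'not-for-me'."""
    if dst == own_mac:
        return "unicast-to-me"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # group bit set; assumption: every group counts as joined
        return "multicast"
    return "not-for-me"  # reaches a capture tool only in promiscuous mode

def summarize(frames, own_mac: bytes):
    """Tally frames by delivery class and by (source MAC, protocol)."""
    classes, talkers = Counter(), Counter()
    for raw in frames:
        if len(raw) < 14:  # shorter than an Ethernet II header
            classes["runt"] += 1
            continue
        dst, src = raw[0:6], raw[6:12]
        ethertype = int.from_bytes(raw[12:14], "big")
        kind = classify(dst, own_mac)
        classes[kind] += 1
        if kind != "not-for-me":  # only count senders this host really receives
            proto = ETHERTYPES.get(ethertype, hex(ethertype))
            talkers[(src.hex(":"), proto)] += 1
    return classes, talkers

# Constructed sample: MACs and frame mix are invented for illustration.
ME = mac("02:00:00:00:00:01")
NOISY = mac("02:00:00:00:00:aa")
OTHER = mac("02:00:00:00:00:bb")

def build(dst, src, ethertype, payload=b"\x00" * 46):
    return dst + src + ethertype.to_bytes(2, "big") + payload

SAMPLE = ([build(BROADCAST, NOISY, 0x0806)] * 5   # ARP broadcasts
          + [build(ME, OTHER, 0x0800)] * 2        # unicast to this host
          + [build(OTHER, NOISY, 0x0800)] * 3     # someone else's traffic
          + [b"\x00" * 8])                        # truncated frame

if __name__ == "__main__":
    print(summarize(SAMPLE, ME))
```

On a real capture, a large "broadcast" bucket dominated by one source is the pattern that would match an interface counter climbing while a capture filtered to the host's own address stays quiet.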
