Time to break out Netmon or Ethereal and learn what is going on. This is something I recommend on a regular basis anyway. Any time you have "free time" [1] you should be pulling out a network monitor and watching the traffic zipping around and try to understand what it is. 500 GIG of traffic is huge. Unless you have a massive DIT with massive changes and you are looking at a bridgehead servicing lots of DCs that figure just seems out of the park as a traffic total. Saying it is mostly ping really concerns me as ping (echo) packets are tiny.
joe [1] And you should specifically make time for this one as I have caught many issues that people were unaware of simply because the issues weren't bad enough yet to cause failures. I have found misconfigured NICs, viruses, crap apps (not much better than viruses but approved for use...), misconfigued OS'es, etc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Walker Sent: Wednesday, December 08, 2004 7:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Unusual network traffic to DC's Yes, over 500 GIG and sometimes approaching a terabyte. I'm afraid I only know what the networking professional sent. He was monitoring the traffic to and from two AD DC's. From the graph he sent, it appears he is using a product called NetworkVantage? It has graphed data for 5 categories: Ping, Kerberos, SMB, Active Directory Servic, and Lightweight Dir Access. >From: "joe" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: <[EMAIL PROTECTED]> >Subject: RE: [ActiveDir] Unusual network traffic to DC's >Date: Tue, 7 Dec 2004 19:01:37 -0500 > >Hundreds of GIG? > >When you say ping do you mean ECHO's or LDAP Pings? > >What are the sources? > >This sounds like virus traffic if anything to me if you truly have even >half or a quarter that much volume. > > joe > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury >Sent: Tuesday, December 07, 2004 4:35 PM >To: [EMAIL PROTECTED] >Subject: RE: [ActiveDir] Unusual network traffic to DC's > >I believe you are seeing the link speed detection traffic. Check out KB >article 227260 (http://support.microsoft.com/?id=227260). > >Jeff > > >Jeff Salisbury >Network Infrastructure and Security Manager > >Belkin Corporation >Information Services >310 604-2061 >310 604-2022 fax >www.belkin.com > > >-----Original Message----- >From: Jacob Walker [mailto:[EMAIL PROTECTED] >Sent: Tuesday, December 07, 2004 1:13 PM >To: [EMAIL PROTECTED] >Subject: [ActiveDir] Unusual network traffic to DC's > >One of the networking professionals within our company that says he is >seeing hundreds of gigs of ping network traffic everyday to and from >the domain controller. Why would we see all of this ping traffic to >and from the DC's? Any ideas? > > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >Confidential >This e-mail and any files transmitted with it are the property of >Belkin Corporation and/or its affiliates, are confidential, and are >intended solely for the use of the individual or entity to whom this >e-mail is addressed. >If you are not one of the named recipients or otherwise have reason to >believe that you have received this e-mail in error, please notify the >sender and delete this message immediately from your computer. >Any other use, retention, dissemination, forwarding, printing or >copying of this e-mail is strictly prohibited. >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
