Snoop details [7:9944]

Ramesh c Tue, 26 Jun 2001 01:52:35 -0700
I did a kind of traffic study on my network and here it goes....  

1)I get about 2100 broadcast packets in 30minutes.Does that sound a alarm in
my network?

---------------------------------------------------------------------
2)Most of the Broadcast of this type...
57   0.03870  10.65.2.192 -> 10.65.2.255  NBT Datagram Service Type=17
Source=CDTOWER[20]

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 57 arrived at 14:44:47.57
ETHER:  Packet size = 266 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 0:60:b0:b6:b2:62, 
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 252 bytes
IP:   Identification = 22165
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 64 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 091c
IP:   Source address = 192.65.2.192, 192.65.2.192
IP:   Destination address = 192.65.2.255, 192.65.2.255
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 138
UDP:  Destination port = 138 (NBDG)
UDP:  Length = 232 
UDP:  Checksum = 0000 (no checksum)
UDP:  
NBT:  ----- Netbios Datagram Service Header -----
NBT:  
NBT:  Datagram Packet Type = 0x11
NBT:  Datagram Flags = 0x0a
NBT:  Datagram ID = 0xb367
NBT:  Source IP = 192.65.2.192
NBT:  Source Port = 138
NBT:  Datagram Length = 0x00d2
NBT:  Packet Offset = 0x0000
NBT:  Source Name = CDTOWER[20]
NBT:  Destination Name = RND[0]
NBT:  Number of data bytes remaining = 142
NBT:  

Is this a normal behaviour or do I need to remove netbeui protocol?
-------------------------------------------------------------------- 

3)Another type od Broadcast packet
509   0.28533            ? -> (broadcast)  ETHER Type=0000 (LLC/802.3), size
= 110 bytes
510   1.54573            ? -> (broadcast)  ETHER Type=0000 (LLC/802.3), size
= 110 bytes
511   0.72617            ? -> (broadcast)  ETHER Type=0000 (LLC/802.3), size
= 110 bytes

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 511 arrived at 14:51:52.90
ETHER:  Packet size = 110 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 0:8:c7:d2:4a:ab, 
ETHER:  IEEE 802.3 length = 96 bytes
ETHER:  Ethertype = 0000 (LLC/802.3)
ETHER:  

What is this broadcast packet trying to do?Or how do i debug this for more
info.

Any help would be appricated

Cheers
Ramesh




Get 250 color business cards for FREE!
http://businesscards.lycos.com/vp/fastpath/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9944&t=9944
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Snoop details [7:9944]

Reply via email to
