That's all he will see unless he gets the NetFlow plugin operating on a switch or router in his network. Or, he could have his PC connected to a SPAN port (not recommended, could clog the switch). 3kb/s of traffic is not going to kill his WS. Pretty typical. I have a site I'm working on currently with 30kB/s of broadcast noise. Not much in 100 mb/s links.
On Thu, Jan 29, 2009 at 10:49 PM, Burton Strauss III <[email protected]> wrote:
> Well, what you are seeing is a varied collection of broadcast traffic...
>
> ARP - address resolution protocol - is how you find an address on the LOCAL
> segment.
>
> NBNS - NetBIOS, a local (non-routable) protocol
>
> MS NLB - Microsoft Network Load Balancing protocol
>
> Etc.
>
> -----Burton
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Martin Larsson
> Sent: Thursday, January 29, 2009 6:47 AM
> To: [email protected]
> Subject: Re: [Ntop] Non IP Traffic
>
> Everything is just running on my local machine, yes.
> All I'm trying to do is to understand why my network-adapter is receiving
> all that data. It looks like there's a fairly constant stream of about
> 3Kbits...
>
> But thanks for the info, I'll do some more simple checks and notify my
> admins.
>
> M.
>
> On Thu, Jan 29, 2009 at 3:27 PM, Walt Henley <[email protected]> wrote:
> > This trace may not be telling you the whole story. Did you put the
> > Wireshark machine on a SPAN port or just run it locally connected at your
> > PC? If you ran it locally connected, then all you are seeing is your
> > traffic and any broadcasts that come along. Also, how are you collecting
> > NTOP data? Using NetFlow or Sflow or just with a local connection. Could
> > be that it is seeing the heartbeats and deciding they are not identifiable
> > IP traffic. Try running netflow on your ethernet switches (assuming they
> > are Cisco)
> >
> > On Thu, Jan 29, 2009 at 8:59 AM, Martin Larsson <[email protected]> wrote:
> >>
> >> Thanks. WireShark was interesting, and overwhelming.
> >> It seems there's a lot of "MS NLB Heartbeat" each containing 1510 bytes.
> >> Could that be it?
> >> I've attached a sample screenshot.
> >>
> >> On Thu, Jan 29, 2009 at 2:16 PM, Burton Strauss III
> >> <[email protected]> wrote:
> >> > It means ntop is seeing a lot of traffic that isn't recognizable as
> >> > tcp/ip.
> >> >
> >> > Depending on your connection and what you are monitoring (network
> >> > topology) this could be normal (i.e. traffic wrapped in something) or
> >> > it could be odd.
> >> >
> >> > I usually recommend installing WireShark and letting it analyze a few
> >> > dozen packets (they both use libpcap so they look at traffic the same
> >> > way). If WireShark calls it differently than ntop, you probably have
> >> > exposed some bug. If they both call it non-ip, then explain your
> >> > topology and we can guide you. If you aren't sure, grab & post a screen
> >> > shot of a page of random traffic from WireShark, post it and we can
> >> > read what you have from there...
> >> >
> >> > -----Burton
> >> >
> >> > -----Original Message-----
> >> > From: [email protected] [mailto:[email protected]] On Behalf Of
> >> > Martin Larsson
> >> > Sent: Thursday, January 29, 2009 3:54 AM
> >> > To: [email protected]
> >> > Subject: [Ntop] Non IP Traffic
> >> >
> >> > I installed ntop because the system monitor told me my network was
> >> > fairly active even though I wasn't actively sending or receiving
> >> > anything.
> >> > After about 1.5 hours of running, the traffic summary is showing me a
> >> > lot of non-IP traffic.
> >> >
> >> > Total 26.4 MBytes [47,672 Pkts]
> >> > IP Traffic 9.3 MBytes [26,718 Pkts]
> >> > Fragmented IP Traffic 0 [0.0%]
> >> > Non IP Traffic 17.1 MBytes
> >> >
> >> > What does that mean?
> >> >
> >> > M.
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
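
Added example, not part of the thread and not ntop's or Wireshark's code: a Python sketch of how a capture on a locally connected PC can be split into IP and non-IP bytes by reading each frame's EtherType, which is where ARP and MS NLB heartbeats end up on the non-IP side. The frames are constructed sample data, and counting both IPv4 and IPv6 as "IP" is an assumption about how the totals are split.

```python
import struct
from collections import Counter

# EtherType values; 0x886F is the type Wireshark labels "MS NLB Heartbeat".
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP", 0x886F: "MS NLB heartbeat"}
IP_TYPES = {"IPv4", "IPv6"}    # assumption: both count as "IP traffic"
VLAN_TAGS = {0x8100, 0x88A8}   # 802.1Q / 802.1ad tags precede the real EtherType

def classify(frame: bytes) -> str:
    """Return a protocol label for one raw Ethernet frame."""
    if len(frame) < 14:
        return "truncated"
    offset = 12                           # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:             # each VLAN tag is 4 bytes
        offset += 4
        if len(frame) < offset + 2:
            return "truncated"
        (etype,) = struct.unpack_from("!H", frame, offset)
    if etype <= 1500:                     # 802.3 length field, so an LLC frame
        return "802.3 LLC"
    return ETHERTYPES.get(etype, f"other 0x{etype:04x}")

def summarize(frames):
    """Tally bytes per label, plus IP and non-IP totals."""
    per_label, totals = Counter(), Counter()
    for frame in frames:
        label = classify(frame)
        per_label[label] += len(frame)
        totals["IP" if label in IP_TYPES else "Non IP"] += len(frame)
    return per_label, totals

def make_frame(etype: int, payload_len: int, vlan: bool = False) -> bytes:
    """Build a constructed frame: broadcast destination, made-up source, zero payload."""
    hdr = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    if vlan:
        hdr += struct.pack("!HH", 0x8100, 10)   # constructed VLAN ID 10
    return hdr + struct.pack("!H", etype) + bytes(payload_len)

# Constructed sample capture (not data from the thread): three 1510-byte
# heartbeats, two ARP frames, one VLAN-tagged IPv4 frame, one LLC frame.
SAMPLE = ([make_frame(0x886F, 1496)] * 3 + [make_frame(0x0806, 46)] * 2
          + [make_frame(0x0800, 100, vlan=True), make_frame(0x0026, 46)])

if __name__ == "__main__":
    per_label, totals = summarize(SAMPLE)
    for label, nbytes in per_label.most_common():
        print(f"{label:18} {nbytes:6} bytes")
    print(dict(totals))
```
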
