Re: Broadcast


From: Herb Martin (news_at_LearnQuick.com)
Date: 02/19/05


Date: Sat, 19 Feb 2005 17:41:40 -0600


"Preacher Man" <SLawson@bouldincorp.com> wrote in message
news:OSDlGOqFFHA.2756@TK2MSFTNGP15.phx.gbl...
> How do I tell what kind of traffic it is? I am not seeing that in NetMon.
> Please keep in mind also that I only have the standard version that comes
> with Win2K Server.
>

I open NetMon [even server version]; capture packets;
hit Capture -> Start; [wait a while or induce some traffic];
hit Capture -> Stop and View.

Most packets are obvious from the PROTOCOL column.
(Also combined with the Description column.)

Click a packet to see (parsed) detail and hex/ASCII dump
windows -- click again to get back to summary only.

-- 
Herb Martin
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:Ogq6wahFFHA.1836@tk2msftngp13.phx.gbl...
> > "Preacher Man" <SLawson@bouldincorp.com> wrote in message
> > news:OwxuhrgFFHA.1292@TK2MSFTNGP10.phx.gbl...
> > > I do have a WINS.  It looks like about 3% is broadcast traffic.  I also have
> > > ethereal installed.
> >
> > That is not excessive but it might be more than
> > necessary.  Also it might be less than it appears
> > if you haven't got much real data traversing the
> > net. (1 is 10% of 10 etc.)
> >
> > Are all of your machines (DCs, WINS servers, every
> > client) also WINS clients?  (They should be.)
> >
> > Why?  If "servers" aren't WINS clients they never
> > register themselves and then are not in the WINS
> > database for (real) clients to find -- same is true
> > for (dynamic) DNS.
> >
> > Also DHCP WINS clients must have the option for
> > Node Type set (usually to 8 which is WINS first,
> > broadcast only if it fails.)
> >
> > > Do you know the filter to just display broadcast
> > > traffic?  Ethereal might tell me a bit more than the standard Network
> > > Monitor.
> >
> > Not off the top of my head -- but in NetMon
> > (included with every server) the broadcasts
> > are given as a percent and it has a "visual
> > language" for setting up capture and display
> > filters.
> >
> > Also, once you capture a bunch of stuff, you
> > can probably spot the broadcasts and then
> > filter on their traffic (types.)
> >
> > Give me some examples of the broadcast packets...
> >
> > There should be almost no NetBIOS traffic if you
> > have WINS (client and server) right.
> >
> >
> > -- 
> > Herb Martin
> >
> >
> > >
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:ezNTmlgFFHA.3368@TK2MSFTNGP10.phx.gbl...
> > > > "Preacher Man" <SLawson@bouldincorp.com> wrote in message
> > > > news:uHJjvagFFHA.2232@TK2MSFTNGP14.phx.gbl...
> > > > > I am trying to monitor my traffic to see if I am having excess broadcasts on
> > > > > my network.
> > > >
> > > > Reasonable, but it is usually easier to just
> > > > set up so that it isn't happening -- then look
> > > > for exceptions.
> > > >
> > > > > I realize that there will usually be some broadcast, but what
> > > > > is normal for a network of about 60 pc's?  In about 5 minutes I have had
> > > > > about 230 broadcast.
> > > >
> > > > That means each PC broadcast about once per minute
> > > > or had about 4 broadcasts each.
> > > >
> > > > How much traffic do you have overall?  What percentage
> > > > of the packets are broadcast?  This will tell more than
> > > > raw numbers usually.
> > > >
> > > > WHAT are the broadcasts?  (What type? What protocol?)
> > > >
> > > > What were they doing?  This is NOT a lot of traffic but
> > > > it seems odd -- IP machines MUST broadcast for IP
> > > > resolution (ARP) but this caches so this wouldn't seem
> > > > to account for it unless they were all just turned on (finding
> > > > 3 servers each and a gateway/router) or something similar.
> > > >
> > > > They MAY broadcast for NetBIOS resolution (especially
> > > > if you have No WINS server and only one subnet.)  We
> > > > might attribute half the broadcasts to NetBIOS and half
> > > > to ARP but we can stop the NetBIOS (totally or nearly
> > > > so) with WINS server.
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
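Added example, not part of the original thread: a small Python classifier that answers the "WHAT are the broadcasts?" question for raw Ethernet II frames, splitting them into ARP versus NetBIOS (UDP 137/138) and reporting the broadcast percentage. The frames in SAMPLE are constructed for illustration, and all function names are hypothetical.

```python
import struct
from collections import Counter

BROADCAST_MAC = b"\xff" * 6
# Well-known UDP ports for the broadcast sources discussed in the thread.
UDP_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
             67: "DHCP", 68: "DHCP"}

def classify(frame):
    """Label a broadcast Ethernet II frame; return None if it is not broadcast."""
    if len(frame) < 14 or frame[:6] != BROADCAST_MAC:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:
        return "ARP"
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = frame[23]                     # IPv4 protocol field
        if proto == 17 and len(frame) >= 14 + ihl + 4:
            sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
            return UDP_PORTS.get(dport) or UDP_PORTS.get(sport) or f"UDP/{dport}"
        return f"IP proto {proto}"
    return f"ethertype 0x{ethertype:04x}"

def summarize(frames):
    """Return (Counter of broadcast types, broadcast share of all frames in %)."""
    counts = Counter(label for label in map(classify, frames) if label)
    pct = 100.0 * sum(counts.values()) / len(frames) if frames else 0.0
    return counts, pct

# --- constructed sample traffic (not a real capture) ---
def eth(dst, ethertype, payload):
    return dst + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload

def udp_ip(sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 255]))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

UNICAST_MAC = b"\x02\x00\x00\x00\x00\x02"
SAMPLE = ([eth(BROADCAST_MAC, 0x0806, bytes(28))] * 2 +
          [eth(BROADCAST_MAC, 0x0800, udp_ip(137, 137))] * 2 +
          [eth(BROADCAST_MAC, 0x0800, udp_ip(138, 138))] +
          [eth(UNICAST_MAC, 0x0800, udp_ip(1025, 445))] * 15)

if __name__ == "__main__":
    counts, pct = summarize(SAMPLE)
    print(f"{pct:.1f}% broadcast", dict(counts))
```
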

