RE: LAN Activity Help

Hello Andy,

Thank you for posting to the SBS Newsgroup.

According to your description, I understand that you noticed the lights on
two NICs and Ethernet Ports keep on winking. If I have misunderstood your
concern, please let me know.

a. When did this issue occur? Did you install any updates or make any
change on your server recently?

b. Does your server work well? Do all your domain clients can access the
Internet, send/receive emails internally and externally?

For your additional information:

1. On the server, run "eventvwr" (without quotation marks), check whether
there is Event ID 537, if yes, double click it, click the Copy button and
paste the full content to the Newsgroup.

On SBS 2003 Server, the full security audit is enabled by default, so that
you are able to monitor the server and network access events if needed.
Event ID 537 means Logon failure, the logon attempt failed for other
reasons.

Account Passwords and Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
security/bpactlck.mspx

Auditing User Authentication
http://support.microsoft.com/?id=174073

Audit logon events
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
rHelp/e104c96f-e243-41c5-aaea-d046555a079d.mspx

2. You also can use Netmon to trace your network traffic. To do so:

A. Download and install Netmon

a. Download the ZIP file at
ftp://ftp.microsoft.com/pss/tools/netmon/netmon2.zip (about 4MB).

b. Extract both of the following two files in netmon2.zip to a folder:

" qfesetup.EXE

" license.txt

Note: The password is trace. The installation will fail if you directly run
the execute file within netmon2.zip.

c. Run QFESETUP.EXE and follow the wizard to proceed with the installation.

B. Use Netmon to capture the network package.

Basically we just choose the network interface in the capture - networks
menu. Use ipconfig /all to learn the MAC address of the network cards so
that you know which interface you are capturing.

[Note]: Please DO set the ''capture buffer size'' to 10 MB. This gives
enough space usually.

a. Click Start, (All) Programs, Administrative Tools, Network Analysis
Tools, and then Network Monitor.

b. You will see the Select a network window. Highlight one entry in the
left pane and then if you see the "Dial-up Connection False", please select
the entry (it is the network card) and then click OK.

c. Click Buffer Settings on the Capture menu, set the Buffer Size (MB) to
10.

d. Click Start on the Capture menu, and then perform the test desribed in
Notes (above).

e. After the FTP connection is made successfully, please click Stop and
view on the Capture menu.

f. Click File->Save as and then type a file name, click Save.

g. You can analysis the file and check the network traffic.

[Note]: To analysis the Netmon trace, you need to contact our Product
Support Services (PSS) via telephone as we do not analysis Netmon trace in
the Public Newsgroup. Please be advised that contacting phone support will
be a charged call.

To obtain the phone numbers for specific technology request please take a
look at the web site listed below.

http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.

Some useful Documents:

Securing Your Windows Small Business Server 2003 Network
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-
b287-c31115ef10a4&displaylang=en

Threats and Countermeasures: Security Settings in Windows Server 2003 and
Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-
9346-F93A4081EEA8&displaylang=en

Hope this information helps. If anything is unclear, please let me know. I
am looking forward to hearing from you!


Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
>Thread-Topic: LAN Activity Help
>thread-index: AcW+Al2UfPjNTSFoTxurTvv4wanBHQ==
>X-WBNR-Posting-Host: 209.221.140.112
>From: "=?Utf-8?B?Tm9ydGh3ZXN0IFVwZ3JhZGVzIFBsdXM=?="
<andyn@xxxxxxxxxxxxxxxxxx(donotspam)>
>Subject: LAN Activity Help
>Date: Tue, 20 Sep 2005 09:43:01 -0700
>Lines: 8
>Message-ID: <0F91A447-5ED6-4CD1-AEDE-F3E4B347C63C@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:154878
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I have SBS 2003 Standard and am running 2 NIC with Remote Access
capability.
>Here's the problem. The lights between my Internet LAN Card, Firewall Wan
and
>Ethernet Ports and DSL Router are all constantly blinking. I have narrowed
>this down to just the Server, and am pretty sure it is internal, as I
>unplugged the Router and the same thing happens. Is there a way to find
out
>what is accessing the network when i know there is no traffic on it?
>--
>Thanks for your help.
>

.

Loading