"PC" <paulm DOT c at iol DOT ie> wrote in message
news:(E-Mail Removed)...
> Could anybody explain why I might be experiencing a laarge increase of
> netbios traffic on our network recently.
I supect that they aren't increasing, but rather you just now noticed them.
> These packets seem to come from all machines. I noticed the problem first
> because I have netbios blocked at the firewall and they seem to be trying
to
> get outside (Sample from Firewall log - 2004/07/20 03:03:52.688 - UDP
packet
> dropped - Source:192.168.1.2, 137, LAN - Destination:192.168.1.255, 137,
> WAN - NetBios)
They aren't trying to get outside. If the Firewall's internal interface is
the same subnet as these clients then it is going to recieve these. They
are sent to the *.255 address which is a broadcast address of that subnet
which includes the Firewall. The queries are simply going *to* the
Firewall, not *though* it, because they do not cross over subnets.
> When I examine these packets using Ethereal they appear to be Name queries
> to one or other of the DC's or Host announcements from the individual
> system.
Yes. That is what they are. The DC maintains the "browse list" and uses the
broadcasts to build and maintain the list. This is all normal traffic. This
is why LANs are broken into subnets using LAN Routers to keep these
broadcast from adversly effecting LAN performance. The more Hosts on a
segment the worse it gets, so you break the LAN up into smaller segments
which traps these in each segment (remember they don't cross routers) so
that everything becomes less congested and more managable.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
Similar Threads
Linear Mode
