Hello All,
Quick overview of our network. We have a class c block of ips (192.168.0.0 255.255.252.0) that connects our end users and servers. A couple of months ago there was some problems with our mail flow from web server to exchange. A consultant came in a setup a separate network on top of current (10.100.100.0 255.255.255.0) He setup no routes, nothing he only bound an extra IP address to all of our mail related servers.
The problem we are having now is our UDP traffic is exceeding our TCP traffic. It looks the source is from 10.100.100.10 which our main web server, running Win2k SP4 & IIS5. The broadcast is starting to cripple our network as each device is responding to the UDP broadcast. Here is a sample sniff of our network. Any ideas, suggestions, questions are welcome. Thnx.
"33", "2.592408", "10.100.100.10", "10.100.100.255", "UDP", "Source port: 2722 Destination port: 1100"
"34", "2.597436", "192.168.0.217", "192.168.3.255", "UDP", "Source port: 2723 Destination port: 1100"
"35", "2.597814", "192.168.1.21", "192.168.3.255", "UDP", "Source port: 2724 Destination port: 1100"
"36", "2.598122", "192.168.2.2", "192.168.3.255", "UDP", "Source port: 2725 Destination port: 1100"
"37", "2.598726", "192.168.2.3", "192.168.3.255", "UDP", "Source port: 2726 Destination port: 1100"
"38", "2.599759", "192.168.2.6", "192.168.3.255", "MGCP", ""
"39", "2.600229", "192.168.2.7", "192.168.3.255", "UDP", "Source port: 2729 Destination port: 1100"
"40", "2.601448", "192.168.2.8", "192.168.3.255", "UDP", "Source port: 2730 Destination port: 1100"
"41", "2.602376", "192.168.2.9", "192.168.3.255", "UDP", "Source port: 2731 Destination port: 1100"
"42", "2.602815", "192.168.2.10", "192.168.3.255", "UDP", "Source port: 2732 Destination port: 1100"
|
