Broadcast

I am trying to monitor my traffic to see if I am having excess broadcasts on my network. I realize that there will usually be some broadcast, but what is normal for a network of about 60 PCs? In about 5 minutes I have had about 230 broadcasts.

"Preacher Man" <SLaw***@bouldincorp.com> wrote in message
news:uHJjvagFFHA.2232@TK2MSFTNGP14.phx.gbl...
> I am trying to monitor my traffic to see if I am having excess broadcasts on
> my network.

Reasonable, but it is usually easier to just set up so that it isn't happening -- then look for exceptions.

> I realize that there will usually be some broadcast, but what
> is normal for a network of about 60 pc's? In about 5 minutes I have had
> about 230 broadcast.

That means each PC broadcast about once per minute or had about 4 broadcasts each.

How much traffic do you have overall? What percentage of the packets are broadcast? This will tell more than raw numbers usually.

WHAT are the broadcasts? (What type? What protocol?)

What were they doing? This is NOT a lot of traffic but it seems odd -- IP machines MUST broadcast for IP resolution (ARP) but this caches so this wouldn't seem to account for it unless they were all just turned on (finding 3 servers each and a gateway/router) or something similar.

They MAY broadcast for NetBIOS resolution (especially if you have No WINS server and only one subnet.) We might attribute half the broadcasts to NetBIOS and half to ARP but we can stop the NetBIOS (totally or nearly so) with a WINS server.

I do have a WINS. It looks like about 3% is broadcast traffic. I also have Ethereal installed. Do you know the filter to just display broadcast traffic? Ethereal might tell me a bit more than the standard Network Monitor.

"Preacher Man" <SLaw***@bouldincorp.com> wrote in message
news:OwxuhrgFFHA.1292@TK2MSFTNGP10.phx.gbl...
> I do have a WINS. It looks like about 3% is broadcast traffic. I also have
> ethereal installed.

That is not excessive but it might be more than necessary. Also it might be less than it appears if you haven't got much real data traversing the net. (1 is 10% of 10 etc.)

Are all of your machines (DCs, WINS servers, every client) also WINS clients? (They should be.)

Why? If "servers" aren't WINS clients they never register themselves and then are not in the WINS database for (real) clients to find -- same is true for (dynamic) DNS.

Also DHCP WINS clients must have the option for Node Type set (usually to 8 which is WINS first, broadcast only if it fails.)

> Do you know the filter to just display broadcast
> traffic? Ethereal might tell me a bit more than the standard Network
> Monitor.

Not off the top of my head -- but in NetMon (included with every server) the broadcasts are given as a percent and it has a "visual language" for setting up capture and display filters.

Also, once you capture a bunch of stuff, you can probably spot the broadcasts and then filter on their traffic (types.)

Give me some examples of the broadcast packets...

There should be almost no NetBIOS traffic if you have WINS (client and server) right.

--
Herb Martin

How do I tell what kind of traffic it is? I am not seeing that in NetMon. Please keep in mind also that I only have the standard version that comes with Win2K Server.

"Preacher Man" <SLaw***@bouldincorp.com> wrote in message
news:OSDlGOqFFHA.2756@TK2MSFTNGP15.phx.gbl...
> How do I tell what kind of traffic it is? I am not seeing that in NetMon.
> Please keep in mind also that I only have the standard version that comes
> with Win2K Server.

I open NetMon [even server version]; capture packets; hit Capture -> Start; [wait a while or induce some traffic]; hit Capture -> Stop and View.

Most packets are obvious from the PROTOCOL column. (Also combined with the Description column.)

Click a packet to see (parsed) detail and hex/ASCII dump windows -- click again to get back to summary only.

--
Herb Martin

About half of my broadcast was coming from a printer that seldom is used. So I unplugged it. That will help, and I also noticed that one of my servers is putting out quite a bit of broadcasts. Is there any way to tell what it is on the PC that is broadcasting?

Thanks again.

"Preacher Man" <SLaw***@bouldincorp.com> wrote in message
news:eju56wgFFHA.560@TK2MSFTNGP15.phx.gbl...
> About half of my broadcast was coming from a printer that seldom is used.
> So I unplugged it. That will help, and I also noticed that one of my
> servers is putting out quite a bit of Broadcasts. Is there any way to tell
> what it is on the PC that is broadcasting?

NetMon.

And check those WINS CLIENT settings I mentioned in another message.

But if you need the printer (ever) you probably can tolerate 3% (and it probably wasn't most of that anyway.) What type?

--
Herb Martin

I did check one of the clients that was giving some broadcast. The IPCONFIG said they were in Hybrid mode. Since this is right what else could be broadcasting? I also left in a previous thread asking how to tell what kind of broadcast it is?

Thanks for your help.

"Preacher Man" <SLaw***@bouldincorp.com> wrote in message
news:OUumqPqFFHA.464@TK2MSFTNGP15.phx.gbl...
> I did check one of clients that was giving some broadcast. The IPCONFIG
> said they were in Hybrid mode. Since this is right what else could be
> broadcasting? I also left in a previous thread asking how to tell what kind
> of broadcast it is?

That is a good START but it won't prevent all NetBIOS broadcasts (since Hybrid does WINS server first AND then tries broadcasts if the target is not found.)

Two main reasons for the target not being found:

1) Target is an internal NetBIOS machine that is NOT a WINS client and so not registered (as it should be.)

2) Target is NOT an internal machine and we are searching WINS (uselessly) and then broadcasting for something that will never be found -- this is caused by an often overlooked setting which has DNS fail over to NetBIOS METHODS when it fails to find resolution -- there is a registry setting for this somewhere, and if your DNS is properly set up it can be disabled.

3) This previous will also happen for a MISTYPED NetBIOS name (uncommon for most users who click) or a NetBIOS name that is still in the browse lists but where the machine is now down or otherwise unreachable.

If you were REALLY concerned about NetBIOS broadcasts you could set P-Node NetBIOS clients but this is seldom worth the trouble nor worth losing the occasional case where the broadcast is helping you (even in a properly installed network.)

Remember, EVERY machine should be a client of the WINS server (even the WINS server itself.)

Oh, and there is a fourth category: old machines, UNIX machines, etc. who for some reason don't have a WINS client stack but for these you can always add a static WINS server entry if you really wish to avoid these.

--
Herb Martin
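Added example, not written by either poster: a Python script that produces the figures asked for in this thread (broadcast share of all frames, plus a breakdown by protocol and by source MAC) from raw Ethernet frames. The MAC addresses, frame counts and function names are constructed for the illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
# UDP ports that commonly carry broadcasts on a Windows LAN
UDP_LABELS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
              67: "DHCP", 68: "DHCP"}

def classify(frame):
    """Return (source MAC, protocol label) for a broadcast frame, else None."""
    if len(frame) < 14 or frame[:6] != BROADCAST:
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype <= 1500:                  # a length field, not a type: 802.3/LLC
        return src, "802.3/LLC frame"
    if ethertype == 0x0806:
        return src, "ARP"
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4       # IPv4 header length in bytes
        proto = frame[23]                  # IPv4 protocol field
        udp = frame[14 + ihl:14 + ihl + 4]
        if proto == 17 and len(udp) == 4:
            sport, dport = struct.unpack("!HH", udp)
            label = UDP_LABELS.get(dport) or UDP_LABELS.get(sport)
            return src, label or f"UDP port {dport}"
        return src, f"IPv4 protocol {proto}"
    return src, f"ethertype 0x{ethertype:04x}"

def summarize(frames):
    """Tally broadcasts: share of all frames, per protocol, per (source, protocol)."""
    total = 0
    by_proto, by_source = Counter(), Counter()
    for frame in frames:
        total += 1
        hit = classify(frame)
        if hit:
            by_proto[hit[1]] += 1
            by_source[hit] += 1
    bcast = sum(by_proto.values())
    return {
        "total": total,
        "broadcast": bcast,
        "percent": round(100 * bcast / total, 1) if total else 0.0,
        "by_protocol": dict(by_proto),
        "top_talkers": by_source.most_common(),
    }

# ---- constructed sample capture (not real traffic) ----
def eth_frame(dst, src, ethertype, payload=b""):
    return dst + src + struct.pack("!H", ethertype) + payload

def udp_broadcast(sport, dport):
    """Minimal IPv4 + UDP headers to a subnet broadcast (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 128, 17, 0)
    ip += bytes([192, 0, 2, 10]) + bytes([192, 0, 2, 255])
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

PRINTER, SERVER, PC = (bytes.fromhex(h) for h in
                       ("020000000001", "020000000002", "020000000003"))
SAMPLE = (
    [eth_frame(BROADCAST, PRINTER, 0x0806, bytes(28))] * 3
    + [eth_frame(BROADCAST, SERVER, 0x0800, udp_broadcast(137, 137))] * 2
    + [eth_frame(BROADCAST, PC, 0x0800, udp_broadcast(68, 67))]
    + [eth_frame(SERVER, PC, 0x0800, bytes(28))] * 194   # unicast background
)

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"{report['broadcast']}/{report['total']} frames broadcast "
          f"({report['percent']}%)")
    for (mac, label), count in report["top_talkers"]:
        print(f"  {mac}  {label}: {count}")
```

In Ethereal itself, the display filter `eth.dst == ff:ff:ff:ff:ff:ff` narrows a capture to Ethernet broadcasts.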