Swamped with NetBIOS Broadcast Traffic
We have a CentOS Linux server running Samba with Fedora Active Directory. Since yesterday, our subnet has been swamped with NetBIOS broadcast traffic - about 2-6Mbps... just wondering if there are any suggestions where we could start to try and resolve the problem?
My first reaction is that either something is horribly broken, or you are actually seeing NetBIOS traffic over IP, most commonly seen in Windows peer-to-peer communications, i.e. IP ports 137 and 138.
You did not say which program you're using to see the traffic. You should be able to see a source MAC address in the trap. If you have a managed switch you should be able to determine the location of the source MAC address. Or, run nmap mysubnet/mask -p 138. Example: nmap 192.168.1.64/28 -p 138. This will list all the IPs and MACs, as well as all hosts with the NetBIOS port open.
I am using iptraf to view the traffic - the majority of the traffic is on UDP 138.
Actually - we found the problem - there was a patch cable plugged in as a loop...
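An added example, not part of the original thread: a heuristic for telling a layer 2 loop apart from a genuinely chatty host when triaging UDP 138 broadcasts by source MAC. It assumes the capture has already been reduced to one line per frame (time, source MAC, IPv4 ID, UDP destination port, payload digest); that format, the sample records and the `classify` function are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed capture summary (not data from the thread), one frame per line:
# time, source MAC, IPv4 identification field, UDP destination port, payload digest
SAMPLE = """\
0.001,02:00:00:00:00:0a,0x1a2b,138,9f3c
0.002,02:00:00:00:00:0a,0x1a2b,138,9f3c
0.003,02:00:00:00:00:0a,0x1a2b,138,9f3c
0.004,02:00:00:00:00:0a,0x1a2b,138,9f3c
0.005,02:00:00:00:00:0a,0x1a2b,138,9f3c
0.200,02:00:00:00:00:0a,0x1a2c,138,77d0
0.201,02:00:00:00:00:0a,0x1a2c,138,77d0
0.202,02:00:00:00:00:0a,0x1a2c,138,77d0
0.203,02:00:00:00:00:0a,0x1a2c,138,77d0
1.000,02:00:00:00:00:0b,0x0301,138,c4e1
2.000,02:00:00:00:00:0b,0x0302,138,58aa
3.000,02:00:00:00:00:0b,0x0303,138,0b96
3.500,02:00:00:00:00:0c,0x4400,137,e2f7
"""


def classify(capture_csv, port=138, repeat_threshold=3):
    """Summarise frames to `port` per source MAC and flag recirculated copies."""
    copies = defaultdict(Counter)
    for row in csv.reader(io.StringIO(capture_csv)):
        if not row or int(row[3]) != port:
            continue
        _ts, mac, ip_id, _dport, digest = row
        # A switch forwards a frame unmodified, so a looped datagram comes
        # back with the same IP ID and payload; a busy host sends new ones.
        copies[mac][(ip_id, digest)] += 1
    report = {}
    for mac, seen in copies.items():
        worst = max(seen.values())
        report[mac] = {
            "frames": sum(seen.values()),
            "unique": len(seen),
            "max_copies": worst,
            "verdict": "loop-suspect" if worst >= repeat_threshold else "distinct-traffic",
        }
    return report


if __name__ == "__main__":
    for mac, stats in classify(SAMPLE).items():
        print(mac, stats)
```

A "loop-suspect" verdict points at the cabling and spanning tree configuration rather than at the host whose MAC appears as the source, since that host may have sent each datagram only once.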