Broadcast traffic

pts.
Tags:
Desktops
DHCP
DNS
Management
Microsoft Windows
Networking
Networking services
OS
Security
Servers
SQL Server
Dear all Thanks for taking the time to read this. Recently I ran netmon on my only AD server- it captured alot of broadcast traffic- specifically from alot of hosts. The message being NS query req. for TINA, I dont have a machine called TINA on my network however it is possible there once was (before I joined the firm). How can I can I get rid of theses queries?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Either you had a machine of name ‘TINA’ which provided a service (P2P?) to a lot of your hosts or you have a virus/worm looking for its source. Go to any of the hosts generating a lookup request for ‘TINA’ and try to ID the program/service making the request. You can then remove or redirect the program/service. Remember that network printers are also subject to name resolution. If someone had shared a printer in the past, Windows will keep looking for it every time it starts up. In Windows Explorer under the ‘tools’ menu -> folder options on the ‘view’ tab — uncheck the find shared drives and printers to alleviate that problem.
Good luck.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Bobkberg
    Another possible source of information is to open a command prompt and do an "ipconfig /displaydns" which will dump out the entire name cache - including some NetBIOS queries. That may also help you in following Howard2nd's advice. Bob
    1,070 pointsBadges:
    report
  • Larrythethird
    The name does get cached for a given time on the PDC. Another good tool would be to run "nbtstat -a tina". If it is on your network, someone could be bringing in their personally owned laptop or some other device, you should get an IP address of the PC. By following the arp trail through your switches, you can find where the PC is.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following