win brodcast

Discussion in 'Cisco' started by John, May 22, 2005.

  1. John

    John Guest

    Hi,
    One of my remote site has been experience slowness problem after the xp2
    refresh. SoI monitor the traffic by using debug ip packet detail and below
    is the output from the debug and I find many win broadcast. Can someone tell
    me it is normal and why I am seeing so many win broadcast.
    jrd_60laff#no debug all100), d=172.16.106.191 (Ethernet0),
    g=172.16.106.191, len
    41, forward
    *Mar 1 22:21:31: TCP src=524, dst=1446, seq=564966808, ack=2194933790,
    win=
    7604 ACK
    *Mar 1 22:21:31: IP: s=65.143.227.74 (Serial1.100), d=172.16.106.52
    (Ethernet0)
    , g=172.16.106.52, len 28, forward
    *Mar 1 22:21:31: ICMP type=8, code=0
    *Mar 1 22:21:31: IP: s=65.143.227.74 (Serial1.100), d=172.16.106.52
    (Ethernet0)
    , len 28, encapsulation failed
    *Mar 1 22:21:31: ICMP type=8, code=0
    *Mar 1 22:21:31: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    172.16.106.158 -> 1
    72.16.91.105 (0/0), 1 packet
    *Mar 1 22:21:31: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.105, len 84,
    acc
    ess denied
    *Mar 1 22:21:31: ICMP type=8, code=0
    *Mar 1 22:21:31: IP: s=172.16.106.1 (local), d=172.16.106.158 (Ethernet0),
    len
    56, sending
    *Mar 1 22:21:31: ICMP type=3, code=13
    *Mar 1 22:21:31: IP: s=172.16.5.204 (Serial1.100), d=172.16.106.191
    (Ethernet0)
    , g=172.16.106.191, len 41, forward
    *Mar 1 22:21:31: TCP src=524, dst=1446, seq=564966808, ack=2194933790,
    win=
    7604 ACK
    *Mar 1 22:21:31: IP: s=172.16.106.191 (Ethernet0), d=172.16.5.204
    (Serial1.100)
    , g=172.16.246.81, len 40, forward
    *Mar 1 22:21:31: TCP src=1446, dst=524, seq=2194933790, ack=564966809,
    win=
    63924 ACK
    *Mar 1 22:21:31: IP: s=172.16.106.158 (Ethernet0), d=172.16.111.102, len
    84, ac
    cess denied
    *Mar 1 22:21:31: ICMP type=8, code=0
    *Mar 1 22:21:31: IP: s=172.16.106.191 (Ethernet0), d=172.16.5.204
    (Serial1.100)
    , g=172.16.246.81, len 40, forward
    *Mar 1 22:21:31: TCP src=1446, dst=524, seq=2194933790, ack=564966809,
    win=
    63924 ACK
    *Mar 1 22:21:33: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    172.16.106.158 -> 1
    72.16.91.99 (0/0), 1 packet
    *Mar 1 22:21:33: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.99, len 84,
    acce
    ss denied
    *Mar 1 22:21:33: ICMP type=8, code=0
    *Mar 1 22:21:33: IP: s=172.16.106.1 (local), d=172.16.106.158 (Ethernet0),
    len
    56, sending
    *Mar 1 22:21:33: ICMP type=3, code=13
    *Mar 1 22:21:33: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.96, len 84,
    acce
    ss denied
    *Mar 1 22:21:33: ICMP type=8, code=0
    *Mar 1 22:21:33: IP: s=172.16.106.1 (local), d=224.0.0.10 (Ethernet0), len
    60,
    sending broad/multicast, proto=88
    *Mar 1 22:21:33: IP: s=172.16.246.81 (Serial1.100), d=224.0.0.10, len 60,
    rcvd
    2, proto=88
    *Mar 1 22:21:34: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    172.16.106.158 -> 1
    72.16.91.76 (0/0), 1 packet
    *Mar 1 22:21:34: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.76, len 84,
    acce
    ss denied
    *Mar 1 22:21:34: ICMP type=8, code=0
    *Mar 1 22:21:34: IP: s=172.16.106.1 (local), d=172.16.106.158 (Ethernet0),
    len
    56, sending
    term mon22:21:34: ICMP type=3, code=13
    *Mar 1 22:21:34: IP: s=172.16.246.82 (local), d=224.0.0.10 (Serial1.100),
    len
     
    John, May 22, 2005
    #1
    1. Advertising

  2. Hi,

    The output displayed below doesn't contain any broadcasts! The win= fields
    in the output gives you information about the window position/size. This is
    part of TCP/IP flow-control / error-handling.
    What the output actually displays is a lot of ICMP traffic (echo-request
    (ping) and destination unreachable), some NCP (port 524, novell control
    protocol) messages and some (E)IGRP helo's.

    All of this is done in 0.02 seconds, what's the current used bandwith on the
    interface. See show interfaces and look for the bytes / s send and received.
    Your trace included NCP? Are you running Novell? If not, you might want to
    run a spyware / antivirus scan. A google search for "tcp port 524" shows
    various security related results.

    Regards,

    Erik


    "John" <> wrote in message
    news:ggTje.18704$Y36.15108@trndny05...
    > Hi,
    > One of my remote site has been experience slowness problem after the
    > xp2 refresh. SoI monitor the traffic by using debug ip packet detail and
    > below is the output from the debug and I find many win broadcast. Can
    > someone tell me it is normal and why I am seeing so many win broadcast.
    > jrd_60laff#no debug all100), d=172.16.106.191 (Ethernet0),
    > g=172.16.106.191, len
    > 41, forward
    > *Mar 1 22:21:31: TCP src=524, dst=1446, seq=564966808,
    > ack=2194933790, win=
    > 7604 ACK
    > *Mar 1 22:21:31: IP: s=65.143.227.74 (Serial1.100), d=172.16.106.52
    > (Ethernet0)
    > , g=172.16.106.52, len 28, forward
    > *Mar 1 22:21:31: ICMP type=8, code=0
    > *Mar 1 22:21:31: IP: s=65.143.227.74 (Serial1.100), d=172.16.106.52
    > (Ethernet0)
    > , len 28, encapsulation failed
    > *Mar 1 22:21:31: ICMP type=8, code=0
    > *Mar 1 22:21:31: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    > 172.16.106.158 -> 1
    > 72.16.91.105 (0/0), 1 packet
    > *Mar 1 22:21:31: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.105, len
    > 84, acc
    > ess denied
    > *Mar 1 22:21:31: ICMP type=8, code=0
    > *Mar 1 22:21:31: IP: s=172.16.106.1 (local), d=172.16.106.158
    > (Ethernet0), len
    > 56, sending
    > *Mar 1 22:21:31: ICMP type=3, code=13
    > *Mar 1 22:21:31: IP: s=172.16.5.204 (Serial1.100), d=172.16.106.191
    > (Ethernet0)
    > , g=172.16.106.191, len 41, forward
    > *Mar 1 22:21:31: TCP src=524, dst=1446, seq=564966808,
    > ack=2194933790, win=
    > 7604 ACK
    > *Mar 1 22:21:31: IP: s=172.16.106.191 (Ethernet0), d=172.16.5.204
    > (Serial1.100)
    > , g=172.16.246.81, len 40, forward
    > *Mar 1 22:21:31: TCP src=1446, dst=524, seq=2194933790,
    > ack=564966809, win=
    > 63924 ACK
    > *Mar 1 22:21:31: IP: s=172.16.106.158 (Ethernet0), d=172.16.111.102, len
    > 84, ac
    > cess denied
    > *Mar 1 22:21:31: ICMP type=8, code=0
    > *Mar 1 22:21:31: IP: s=172.16.106.191 (Ethernet0), d=172.16.5.204
    > (Serial1.100)
    > , g=172.16.246.81, len 40, forward
    > *Mar 1 22:21:31: TCP src=1446, dst=524, seq=2194933790,
    > ack=564966809, win=
    > 63924 ACK
    > *Mar 1 22:21:33: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    > 172.16.106.158 -> 1
    > 72.16.91.99 (0/0), 1 packet
    > *Mar 1 22:21:33: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.99, len
    > 84, acce
    > ss denied
    > *Mar 1 22:21:33: ICMP type=8, code=0
    > *Mar 1 22:21:33: IP: s=172.16.106.1 (local), d=172.16.106.158
    > (Ethernet0), len
    > 56, sending
    > *Mar 1 22:21:33: ICMP type=3, code=13
    > *Mar 1 22:21:33: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.96, len
    > 84, acce
    > ss denied
    > *Mar 1 22:21:33: ICMP type=8, code=0
    > *Mar 1 22:21:33: IP: s=172.16.106.1 (local), d=224.0.0.10 (Ethernet0),
    > len 60,
    > sending broad/multicast, proto=88
    > *Mar 1 22:21:33: IP: s=172.16.246.81 (Serial1.100), d=224.0.0.10, len 60,
    > rcvd
    > 2, proto=88
    > *Mar 1 22:21:34: %SEC-6-IPACCESSLOGDP: list 120 denied icmp
    > 172.16.106.158 -> 1
    > 72.16.91.76 (0/0), 1 packet
    > *Mar 1 22:21:34: IP: s=172.16.106.158 (Ethernet0), d=172.16.91.76, len
    > 84, acce
    > ss denied
    > *Mar 1 22:21:34: ICMP type=8, code=0
    > *Mar 1 22:21:34: IP: s=172.16.106.1 (local), d=172.16.106.158
    > (Ethernet0), len
    > 56, sending
    > term mon22:21:34: ICMP type=3, code=13
    > *Mar 1 22:21:34: IP: s=172.16.246.82 (local), d=224.0.0.10 (Serial1.100),
    > len
    >
     
    Erik Tamminga, May 22, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. sam
    Replies:
    0
    Views:
    1,264
  2. =?Utf-8?B?WW91dmVz?=

    WIN XPsp2 - WIN 98se wireless network file sharing impossible

    =?Utf-8?B?WW91dmVz?=, Jan 15, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    932
    Guest
    Jan 18, 2005
  3. =?Utf-8?B?SmltIEM=?=

    Win 2k Pro can't see Win XP Home

    =?Utf-8?B?SmltIEM=?=, Mar 15, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    1,774
    Chuck
    Mar 15, 2005
  4. =?Utf-8?B?S2F0aHJ5bg==?=

    Wireless networking on Win XP and Win 98

    =?Utf-8?B?S2F0aHJ5bg==?=, May 5, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    760
  5. =?Utf-8?B?V2FrZUluZm9IZWxw?=

    Print sharing from Win XP to Win 98 via router - HELP!!

    =?Utf-8?B?V2FrZUluZm9IZWxw?=, Jul 23, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    957
    Doug Sherman [MVP]
    Jul 25, 2005
Loading...

Share This Page