|
Home > Archive > alt.certification.cisco > July 2003 > Unusual Network Activity
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Unusual Network Activity
|
|
| Daniel Reid 2003-07-25, 6:25 am |
| One of our servers keeps sending out some unusual data. As found using a
packet monitor, one machines was sending out the following UDP packets.
from 192.168.0.3 to 255.255.255.255, from port 67 to port 68 or vice versa,
wirh a size of 328 if leaving from port 67 or 276 if leaving from port 68.
I really don't like the look of this, but don't know how tof ind out what
might be causing it.
Any ideas?
| |
| Lilia Langan 2003-07-25, 6:25 am |
| Ports 67 and 68 correspond to DHCP ( or BOOTP) protocol, I suggest you to
check ip address setting. (the leasing of an assigned address has to
periodically renewed). A protocol analyzer can tell you a lot more about the
nature of those messages.
Cheers
Lilia
"Daniel Reid" <danielreid@philippank.com> wrote in message
news:bfqtlt$6vh$1$8300dec7@new
s.demon.co.uk...
> One of our servers keeps sending out some unusual data. As found using a
> packet monitor, one machines was sending out the following UDP packets.
> from 192.168.0.3 to 255.255.255.255, from port 67 to port 68 or vice
versa,
> wirh a size of 328 if leaving from port 67 or 276 if leaving from port 68.
>
> I really don't like the look of this, but don't know how tof ind out what
> might be causing it.
>
> Any ideas?
>
>
| |
| Simon Chang 2003-07-27, 10:25 pm |
| When a DHCP client is running past 50% of the total length of the lease, it
starts to generate messages to the *original* DHCP server from which it had
obtained the lease to renew the lease. When the lease goes to 85% and the
original DHCP server has not responded, the client then sends out a general
(255.255.255.255) broadcase message requesting any DHCP server within the
subnet to renew its IP address. It will continue to do so until the lease
expires.
SC
"Daniel Reid" <danielreid@philippank.com> wrote in message
news:bfqtlt$6vh$1$8300dec7@new
s.demon.co.uk...
> One of our servers keeps sending out some unusual data. As found using a
> packet monitor, one machines was sending out the following UDP packets.
> from 192.168.0.3 to 255.255.255.255, from port 67 to port 68 or vice
versa,
> wirh a size of 328 if leaving from port 67 or 276 if leaving from port 68.
>
> I really don't like the look of this, but don't know how tof ind out what
> might be causing it.
>
> Any ideas?
>
>
|
|
|
|
|