In one of our remote subnets, I see a lot of ping traffic from workstations
to the local domain controller in the local area network. The ping traffic
was large in size every day, varying from 3 GB to 14 GB for each workstation.
I cannot find any viruses or trojans on these workstations or on the domain
controllers. I also don't see any unnecessary processes running on
them. But still, I see a lot of ping traffic in the local subnet.
I installed Ethereal on the domain controllers and I see several ICMP
packets every day from each workstation, along with TCP packets and SMB
traffic.
I am sending the packet info from one of the ICMP packets. Can someone see
anything from this?
Like this, I am getting several packets from workstations in the local
network:
No.  Time       Source        Destination  Protocol  Info
570  71.287323  10.21.16.121  10.21.16.2   ICMP      Echo (ping) request
Frame 570 (74 bytes on wire, 74 bytes captured)
Arrival Time: Jun 1, 2005 13:18:55.103798000
Time delta from previous packet: 0.018483000 seconds
Time since reference or first frame: 71.287323000 seconds
Frame Number: 570
Packet Length: 74 bytes
Capture Length: 74 bytes
Ethernet II, Src: 00:01:02:d6:49:3d, Dst: 00:03:47:0e:08:65
Destination: 00:03:47:0e:08:65 (10.21.16.2)
Source: 00:01:02:d6:49:3d (10.21.16.121)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.21.16.121 (10.21.16.121), Dst Addr:
10.21.16.2 (10.21.16.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0xe488 (58504)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 32
Protocol: ICMP (0x01)
Header checksum: 0x8194 (correct)
Source: 10.21.16.121 (10.21.16.121)
Destination: 10.21.16.2 (10.21.16.2)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x9c5a (correct)
Identifier: 0x0200
Sequence number: 0xb103
Data (32 bytes)
0000 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 ABCDEFGHIJKLMNOP
0010 51 52 53 54 55 56 57 41 42 43 44 45 46 47 48 49 QRSTUVWABCDEFGHI
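Added example, not part of the original post: a small Python parser that rebuilds the 74-byte frame from the field values in the dump above, validates the IP and ICMP checksums, flags the repeating-alphabet payload that ping utilities commonly use as filler, and converts the reported per-workstation daily volume into a packet rate so the numbers can be sanity-checked against what a single ping process would normally send. The frame bytes are reconstructed from the dump; the 74-byte on-wire length per echo request and the 10^9-bytes-per-GB convention are assumptions made here.

```python
import struct
from dataclasses import dataclass

# Constructed: the 74-byte frame reassembled from the Ethereal field values in the post.
FRAME = bytes.fromhex(
    "0003470e0865"              # Ethernet dst 00:03:47:0e:08:65
    "000102d6493d"              # Ethernet src 00:01:02:d6:49:3d
    "0800"                      # EtherType IPv4
    "4500003ce488000020018194"  # IPv4: ver/IHL, DSCP, len 60, id 0xe488, flags, TTL 32, proto 1, csum 0x8194
    "0a151079"                  # src 10.21.16.121
    "0a151002"                  # dst 10.21.16.2
    "08009c5a0200b103"          # ICMP: type 8, code 0, csum 0x9c5a, id 0x0200, seq 0xb103
    "4142434445464748494a4b4c4d4e4f50"  # data: ABCDEFGHIJKLMNOP
    "51525354555657414243444546474849"  # data: QRSTUVWABCDEFGHI
)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; over a region that includes its own checksum it yields 0 when valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class EchoRequest:
    src: str
    dst: str
    ttl: int
    ip_csum_ok: bool
    icmp_type: int
    icmp_csum_ok: bool
    ident: int
    seq: int
    payload: bytes


def parse_frame(frame: bytes) -> EchoRequest:
    """Parse Ethernet II / IPv4 / ICMP and verify both checksums."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    ttl, proto = ip[8], ip[9]
    if proto != 1:
        raise ValueError("not ICMP")
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    icmp = ip[ihl:total_len]
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return EchoRequest(
        src=src, dst=dst, ttl=ttl,
        ip_csum_ok=inet_checksum(ip[:ihl]) == 0,
        icmp_type=icmp_type,
        icmp_csum_ok=inet_checksum(icmp) == 0,
        ident=ident, seq=seq, payload=icmp[8:],
    )


def is_alphabet_filler(payload: bytes) -> bool:
    """True if the payload is the 23-letter cycling alphabet (a..w or A..W, then wrapping)
    that ping utilities commonly use as padding; a random or encoded payload fails this."""
    if not payload or payload[0] not in (ord("a"), ord("A")):
        return False
    base = payload[0]
    return all(b == base + (i % 23) for i, b in enumerate(payload))


def pings_per_second(bytes_per_day: float, frame_len: int = 74) -> float:
    """Packet rate implied by a daily byte count if every packet is one 74-byte echo request
    (assumption: 1 GB = 1e9 bytes, and the volume is all ping, which is the post's claim)."""
    return bytes_per_day / frame_len / 86400


if __name__ == "__main__":
    req = parse_frame(FRAME)
    print(req)
    print("alphabet filler:", is_alphabet_filler(req.payload))
    for gb in (3, 14):
        print(f"{gb} GB/day of such pings = {pings_per_second(gb * 1e9):.0f} packets/s per workstation")
```

Run against the reconstructed frame, both checksums validate and the payload is the plain alphabet filler, so the single packet shown is a well-formed ordinary echo request carrying nothing unusual. The rate calculation is the more useful check: 3 GB/day of 74-byte frames is roughly 470 packets per second from one workstation, and 14 GB/day is over 2,000 per second, far above the one-per-second cadence of a normal `ping -t`, so either the volume figure includes other traffic or something is generating echo requests at a sustained high rate; comparing the capture's packet count per source against the measured bytes will tell which.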