i use the sniffer tool in Lan,find the large longs broadcast source MAC is 020100000000,
protocol is 886F(unknown),longth 1510, please ask it's common broadcast? it is a virus ?
Printable View
i use the sniffer tool in Lan,find the large longs broadcast source MAC is 020100000000,
protocol is 886F(unknown),longth 1510, please ask it's common broadcast? it is a virus ?
deadforg: Can you post a complete packet dump plz. Sanitize it if necessary of course.
Here is the answer:
- 886F ethertype owns to Microsoft
- Then a quick research on M$ site gives you the information that this ethertype is used for servers (2K) load balancing with a cluster of serverQuote:
Quote:
information from M$
Network Load Balancing scales the performance of a server-based program, such as a Web server, by distributing its client requests among multiple servers within the cluster. With Network Load Balancing, each incoming IP packet is received by each host, but only accepted by the intended recipient. The cluster hosts concurrently respond to different client requests, even multiple requests from the same client. For example, a Web browser may obtain the various images within a single Web page from different hosts in a load-balanced cluster. This speeds up processing and shortens the response time to clients.
[...]
Network Load Balancing's heartbeat messages are assigned an ether type-value of hexadecimal 886F. The default period between sending heartbeats is one second, and this value can be adjusted with the AliveMsgPeriod registry parameter.
thanks ,may be runing Network Load Balancing