Wireshark · Ethereal-users: [Ethereal-users] Ping traffic in the network

Ethereal-users: [Ethereal-users] Ping traffic in the network

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Pugazhendhi Pargunan" <pparguna@xxxxxxxxxxx>

Date: Wed, 01 Jun 2005 14:47:08 -0400

In one of our remote subnets, I see a lot of ping traffic from workstationsto the local domain controller in the local area network-The ping trafficwas large in size everyday varying from 3 gb to 14gb for each workstation.

I cannot find any viruses, or tyrojans on these workstations and the domaincontrollers also- I also don't see any unnecessary processes runnning onthem. But still, I see log of Ping traffic in the local subnet.

I installed ethereal on the domain controllers and I see several Icmppackets everyday from each workstation along with TCP packets and SMBtraffic.

I am sending the packet info from one of the ICMP packet -Can some one seeanything from this?Like this, I am getting several packets from workstations in the localnetwork-

No. Time Source Destination ProtocolInfo570 71.287323 10.21.16.121 10.21.16.2 ICMPEcho (ping) request


Frame 570 (74 bytes on wire, 74 bytes captured)
   Arrival Time: Jun  1, 2005 13:18:55.103798000
   Time delta from previous packet: 0.018483000 seconds
   Time since reference or first frame: 71.287323000 seconds
   Frame Number: 570
   Packet Length: 74 bytes
   Capture Length: 74 bytes
Ethernet II, Src: 00:01:02:d6:49:3d, Dst: 00:03:47:0e:08:65
   Destination: 00:03:47:0e:08:65 (10.21.16.2)
   Source: 00:01:02:d6:49:3d (10.21.16.121)
   Type: IP (0x0800)

Internet Protocol, Src Addr: 10.21.16.121 (10.21.16.121), Dst Addr:10.21.16.2 (10.21.16.2)

   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
       0000 00.. = Differentiated Services Codepoint: Default (0x00)
       .... ..0. = ECN-Capable Transport (ECT): 0
       .... ...0 = ECN-CE: 0
   Total Length: 60
   Identification: 0xe488 (58504)
   Flags: 0x00
       0... = Reserved bit: Not set
       .0.. = Don't fragment: Not set
       ..0. = More fragments: Not set
   Fragment offset: 0
   Time to live: 32
   Protocol: ICMP (0x01)
   Header checksum: 0x8194 (correct)
   Source: 10.21.16.121 (10.21.16.121)
   Destination: 10.21.16.2 (10.21.16.2)
Internet Control Message Protocol
   Type: 8 (Echo (ping) request)
   Code: 0
   Checksum: 0x9c5a (correct)
   Identifier: 0x0200
   Sequence number: 0xb103
   Data (32 bytes)

0000  41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50   ABCDEFGHIJKLMNOP
0010  51 52 53 54 55 56 57 41 42 43 44 45 46 47 48 49   QRSTUVWABCDEFGHI

_________________________________________________________________

FREE pop-up blocking with the new MSN Toolbar get it now!http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Follow-Ups:
- Re: [Ethereal-users] Ping traffic in the network
  - From: Jens Link

Prev by Date: Re: [Ethereal-users] ethereal 0.10.11 WSP dissector bug
Next by Date: Re: [Ethereal-users] ethereal 0.10.11 WSP dissector bug
Previous by thread: [Ethereal-users] Re: Ethereal-users Digest, Vol 26, Issue 2 (Out of Office)
Next by thread: Re: [Ethereal-users] Ping traffic in the network
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$