Cisco Support Community

New Member

ICMP Flood - 2152

Recently, I've been seeing a lot of 2152 ICMP Flood traffic generated from workstations to a DNS/Active Directory server. I checked the workstations and they are clean of virus/trojan/malicious users/etc. I enabled packet capture, but see nothing unusual in Ethereal. Maybe someone can help analyze the packet?

Thanks

2 REPLIES
Cisco Employee

Re: ICMP Flood - 2152

Sure, if you would forward the packet to me I would be glad to take a look at it. (klwiley@cisco.com)

You mention that you are seeing the traffic from the workstations to the server. How many workstations are involved? Are they all on the same network segment?

You also say you took a look at the workstations, but did you also give the server in question a once over?

KLW

New Member

Re: ICMP Flood - 2152

Don't believe this would be virus/trojan...because it is only banging against one server. Drop down to a command prompt on the WS and issue the netstat -a command and look at what ports/protos are open, and look for the port that is using ICMP. This should get you where you want to go? Let me know. Thanks.
