Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
860
Views
0
Helpful
6
Replies

router excessive netbios icmp

dreams_as_money
Level 1
Level 1

‎01-16-2012 05:06 AM - edited ‎03-04-2019 02:55 PM

Hi mates

I have got  problem with my branch router  which is sending excessive netbios icmp request to ghost ip

I have monitored it with wireshark  for two days and  it peridically sending  icmp request to     ghost ip that doesn't exist in my topolgy

could  someone tell  what's going in my branch router?

Thanks

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎01-16-2012 08:32 AM

Hi,  could you post your config.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

dreams_as_money
Level 1
Level 1
In response to cadet alain

‎01-16-2012 11:06 AM

Hi

Thanks  for reply

version 15.2

service timestamps debug datetime msec

service timestamps log datetime localtime

service password-encryption

!

hostname ************

!

boot-start-marker

boot system flash0:/c2900-universalk9-mz.SPA.152-1.T1.bin

boot-end-marker

!

!

logging buffered 100000

!

aaa new-model

!

!

aaa authentication login default local enable

!

!

!

!

!

aaa session-id common

!

0

!

no ipv6 cef

!

!

!

!

!

ip domain name *************

ip cef

!

multilink bundle-name authenticated

!

!

password encryption aes

crypto pki token default removal timeout 0

!

!

c

!

!

redundancy

!

!

!

!

!

no ip ftp passive

ip ssh logging events

ip ssh version 2

!

class-map match-any L-LIMIT

description LIMIT4VIDEO

match access-group name LIMIT

!

!

policy-map L-LIMIT

description POLICY4VIDEO

class L-LIMIT

  police 3500000 3500000

!

!

!

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

crypto isakmp key *********** address ************************

crypto isakmp keepalive 10

!

crypto isakmp peer address ****************

!

!

crypto ipsec transform-set ************** esp-aes esp-sha-hmac

!

crypto ipsec profile **********

set transform-set *****************

!

!

!

!

!

!

!

interface Loopback0

description LOOP

ip address *****************

!

interface Tunnel0

description To-->HUB

ip address *****************

no ip redirects

ip mtu 1440

ip nhrp authentication *************

ip nhrp map multicast **************

ip nhrp map ***************************

ip nhrp network-id 104

ip nhrp nhs *******************

ip nhrp shortcut

ip nhrp redirect

ip ospf network broadcast

ip ospf cost 10000

ip ospf priority 0

ip ospf 100 area 0

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100004

tunnel protection ipsec profile *****************

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Wan

ip address ******************************

ip nbar protocol-discovery

ip ospf authentication message-digest

ip ospf authentication-key 7 0529092D0E7F7E2F

ip ospf priority 0

duplex auto

speed auto

service-policy output L-LIMIT

!

interface GigabitEthernet0/1

description Local

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.1

description Local

encapsulation dot1Q 2

ip address ****************************

ip access-group 2 in

ip nbar protocol-discovery

!

interface GigabitEthernet0/1.2

encapsulation dot1Q 3

ip address 10****************************

ip nbar protocol-discovery

!

interface GigabitEthernet0/1.3

description ***********

encapsulation dot1Q 4

ip address ********************** secondary

ip address *********************

!

router ospf 100

priority 0

network************* area 0

network ************ area 0

network ************* area 0

network ********** area 0

network ************ area 0

network ************ area 0

!

ip forward-protocol nd

!

no ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

!

!

!

!

!

!

!

!

!

control-plane

!

!

alias exec traffic sh ip nbar  protocol-discovery stats packet-count  top-n  10

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 3

access-class 1 in

privilege level 15

transport input all

line vty 4

access-class 1 in

privilege level 15

password 7 10634A0B0E44085955547B

transport input all

!

scheduler allocate 20000 1000

ntp authentication-key 100 md5 0138031D755C162D2E6E 7

ntp server ***********

time-range ******

periodic Monday Tuesday Wednesday Thursday Friday Saturday 8:00 to 20:00

0 Helpful

tony.henry_2
Level 1
Level 1
In response to dreams_as_money

‎01-16-2012 07:45 PM

Dreams,

What tools did you use to detect this? to my knowledge theres no reason for the router to be pinging anything unless it has IP SLA enabled.... which I didn't see. Do you have a spare router, with the same IOS maybe you should boot it up and see if it does the same thing, or maybe just replace the router out there as it's behaviour is odd. IMO

Tony 

0 Helpful

lgijssel
Level 9
Level 9

‎01-16-2012 08:50 AM

Do you perhaps have an ip helper address configured on the router which equals this ip address?

regards,

Leo

0 Helpful

dreams_as_money
Level 1
Level 1
In response to lgijssel

‎01-16-2012 11:08 AM

Here is conf.

Thanks

0 Helpful

lgijssel
Level 9
Level 9
In response to dreams_as_money

‎01-16-2012 11:16 AM

That doesn't help really.

Please show us what this is about; any debug output or so perhaps?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card