06-09-2009, 03:49 PM   #1
CarpeNoctem
Daemon Poster
Join Date: Oct 2004
Posts: 1,274
Network Traffic

Can someone help me with this entry in my Event Viewer?

I am creating a small home-based business network for a CAD company and I don't fully understand some of these entries.

The server has 2 NICs, one 192.168.0 and the other 192.168.11. The server is running Windows Server 2003. The .0 subnet has the house's personal computers. The .11 subnet has their workstations.

For a little background, they are a home based business who hires CAD Operators and ships out computers to them so they can work from home. The company pays for an upgraded ISP connection which will make VPN connections fast enough to tolerate. It's actually a good idea because there are more baby boomer CAD operators than any generation who would love to work from home after working in an office 8-12 hours a day for 15-25 years.

Anyways, I am getting Anonymous Logons from a computer in the .0 network in the event viewer.

I find this strange because the server's .0 NIC is connected to the router and the .11 NIC is connected to a switch. So every workstation on the .11 subnet goes through the switch to get to the server and their home computers connect directly to the router and the router to the cable modem. This separates the two so that traffic generated by their personal computer will not affect performance on their work computers. When they were all on one subnet, their network programs (located on server) started slower and lagged. I am unclear why the computers on the .0 subnet are trying to log into the server. They shouldn't even be able to see the workstations on the .11 subnet. Here is the event viewer...

Code:
Successful Network Logon:
 	User Name:	
 	Domain:		
 	Logon ID:		(0x0,0x4AC98)
 	Logon Type:	3
 	Logon Process:	NtLmSsp 
 	Authentication Package:	NTLM
 	Workstation Name:	ROBUT
 	Logon GUID:	-
 	Caller User Name:	-
 	Caller Domain:	-
 	Caller Logon ID:	-
 	Caller Process ID: -
 	Transited Services: -
 	Source Network Address:	192.168.0.198
 	Source Port:	0

My question is: is this normal? And if it is normal, will it affect network traffic?

They constantly use autodesk/3rd party network programs (LAN and inbound internet connections) so I need to make this network as efficient as possible. And this is the only thing I can see which is out of place. Your help is very much appreciated. Thank you!

BTW I've been out of the networking/server administration scene for 7 or so years (yes, server 2003 is new to me lol) and am trying to get all of this knowledge back. So I may have more questions :P
__________________
How many people can read hex if only you and dead people can read hex?

Start using reputation points!!!
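As an added example (not part of any post in this thread), the Python sketch below parses event text in the format pasted above and flags network logons that are anonymous or that come from outside the work subnet. The 192.168.11.0/24 mask, the second sample record and all function names are assumptions made for illustration.

```python
import ipaddress
# Assumption: only the .11 work subnet is expected to authenticate to the server.
WORK_NET = ipaddress.ip_network("192.168.11.0/24")
# Constructed sample: first record copies fields from the thread, second is invented.
SAMPLE = """\
Successful Network Logon:
  User Name:
  Logon Type: 3
  Workstation Name: ROBUT
  Source Network Address: 192.168.0.198
Successful Network Logon:
  User Name: cadop1
  Logon Type: 3
  Workstation Name: CAD-WS01
  Source Network Address: 192.168.11.20
"""

def parse_events(text):
    """Split pasted Security-log text into one dict of fields per logon event."""
    events = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "Successful Network Logon":
            events.append({})
        elif sep and key and events:
            events[-1][key] = value
    return events

def findings(event, expected=WORK_NET):
    """Return reasons a network logon deserves a look (empty list: nothing odd)."""
    if event.get("Logon Type") != "3":
        return []  # only network logons (e.g. share access) are in scope here
    reasons = []
    if not event.get("User Name"):
        reasons.append("anonymous logon (empty User Name)")
    try:
        src = ipaddress.ip_address(event.get("Source Network Address", ""))
    except ValueError:
        reasons.append("source address missing or unparsable")
    else:
        if src not in expected:
            reasons.append(f"source {src} is outside {expected}")
    return reasons

def triage(text):
    """Map (workstation, source) -> reasons, for flagged events only."""
    hits = ((e, findings(e)) for e in parse_events(text))
    return {(e.get("Workstation Name"), e.get("Source Network Address")): why
            for e, why in hits if why}
```

Calling `triage(SAMPLE)` returns one entry, keyed by ROBUT and 192.168.0.198, and leaves the constructed .11 workstation logon unflagged.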
06-09-2009, 05:47 PM   #2
vampist
Fully Optimized
Join Date: Oct 2008
Location: USA
Posts: 2,404
Re: Network Traffic

Well.. I am definitely not the one to help you completely.. But have you checked what is at 192.168.0.198?
The login type is a network login. (could be shared files, or printer)
Do you have a computer with the workstation name "ROBUT"?
The source port is sort of strange..
__________________
Everyone's Favorite Turd xD
ET: "Phone home!"
Geek: "ping 127.0.0.1"

"If that guy knew half the $h*t that I know, his fuzzy little head would explode. " - Matthew Farrell
06-09-2009, 07:06 PM   #3
CarpeNoctem
Daemon Poster
Join Date: Oct 2004
Posts: 1,274
Re: Network Traffic

Quote:
Originally Posted by vampist
Well.. I am definitely not the one to help you completely.. But have you checked what is at 192.168.0.198?
The login type is a network login. (could be shared files, or printer)
Do you have a computer with the workstation name "ROBUT"?
The source port is sort of strange..

Thanks, that's a good idea about shared files. I'll have to disable shared files on their computers and look at what happens in the event viewer. ROBUT is one of their personal computers on the .0 subnet. I am just unsure of why there was traffic generated. I live across town from this small business/home network so I want to make sure everything is in tip top shape when I finish setting it up. And so far this is the only thing going on in the server that is unfamiliar and unplanned.

I'm pretty much stumped because the .11 computers should not be able to see any of the computers on the .0 subnet.

They have quite a few personal computers on the .0 subnet but only this one computer named ROBUT is connecting to the server.
06-09-2009, 08:07 PM   #4
vampist
Fully Optimized
Join Date: Oct 2008
Location: USA
Posts: 2,404
Re: Network Traffic

Quote:
Originally Posted by CarpeNoctem
Thanks, that's a good idea about shared files. I'll have to disable shared files on their computers and look at what happens in the event viewer. ROBUT is one of their personal computers on the .0 subnet. I am just unsure of why there was traffic generated. I live across town from this small business/home network so I want to make sure everything is in tip top shape when I finish setting it up. And so far this is the only thing going on in the server that is unfamiliar and unplanned.

I'm pretty much stumped because the .11 computers should not be able to see any of the computers on the .0 subnet.

They have quite a few personal computers on the .0 subnet but only this one computer named ROBUT is connecting to the server.

Well that one connection wasn't on the .11 subnet it was on the .0 subnet.
Unless that connection is from a log ON the .11 subnet.. Then you have a problem lol.. but yeah I would check out .0.192.
06-09-2009, 10:59 PM   #5
CarpeNoctem
Daemon Poster
Join Date: Oct 2004
Posts: 1,274
Re: Network Traffic

Actually you're correct, the log file is on a server on the .11 subnet. The .0 subnet has no server between the personal computers and the router, while the workstations are connected to the router through a server. I did this to separate work traffic from the owner's kids' traffic specifically.

The reason I put the server in is because they need to use their office LAN software over the internet. So I set them up on VPN and the company is profitable enough to upgrade their workers' internet at home to be efficient.

There were lags in the software that were not due to internet connectivity. I narrowed it down to the owner's sons playing LAN games together (not over the internet). So I decided to separate the traffic of the workstations from the personal computers. But this kinda defeats the purpose.

ROBUT is the owner's personal computer so it's not as detrimental as the LAN gaming computers.
06-11-2009, 12:27 PM   #6
user12
In Runtime
Join Date: Oct 2005
Posts: 140
Re: Network Traffic

What type of packets is it sending?
06-11-2009, 04:01 PM   #7
CarpeNoctem
Daemon Poster
Join Date: Oct 2004
Posts: 1,274
Re: Network Traffic

It turns out the owner was using a wifi card on his workstation (in addition to his ethernet NIC) to listen to music from his personal computer's shared folders. I stopped the file sharing, stopping the traffic from the .0 subnet. Thanks for everyone's input.
06-11-2009, 05:55 PM   #8
vampist
Fully Optimized
Join Date: Oct 2008
Location: USA
Posts: 2,404
Re: Network Traffic

Quote:
Originally Posted by CarpeNoctem
It turns out the owner was using a wifi card on his workstation (in addition to his ethernet NIC) to listen to music from his personal computer's shared folders. I stopped the file sharing, stopping the traffic from the .0 subnet. Thanks for everyone's input.

Welcome