Security Basics mailing list archives

Re: Suspicious network activity advice


From: davestout () hotmail com
Date: 3 Jan 2007 16:22:56 -0000

I'm very sure I've seen this behavior before but I have since been made redundant from the company that had the problem 
so can't refer to the network captures I performed.

Basically the Master Browser suggestion holds some water. We had a problem browsing computers by NetBIOS name as they
were not being listed under the domain listing correctly. When performing network captures I located that the NetBIOS
master browser was indeed a Unix-based machine. Now the Unix-based machines were not connected to the Windows domain so
the NetBIOS names were not visible on the domain... hence the problem I was investigating.

Now I remember that while performing network captures, I am sure that the Master Browser computer scans through all
NetBIOS names alphabetically to keep the table refreshed. I also remember reading an article that showed that the
NetBIOS information is passed to the domain via the Master Browser and if this is your PC then it may account for the
information.

Spending 5 minutes with Ethereal to observe this traffic and actually analysing it would have saved a lot of time and
effort, and I've seen people running around like headless chickens on a fault that was solved after a 2 minute network
capture.

Again without access to the traces anymore I can't be 100% certain this may be your case, but it sounds very close to 
something I remember observing.
