broadcast packet
-
Tuesday, January 29, 2013 10:40 AM
Hello everybody,
I have a Windows Server 2008 R2 Enterprise - Enterprise with TMG 2010,
On the monitor alerts, accused a blocking connections per minute from a
Determined micro, I analyzed the logs and saw that there are many blocks of broadcast
This micro coming port 5355.
The TMG by default blocks the broadcast, however what makes me puzzled is the amount of blocking coming this specific micro.
I analyzed the logs of antivirus and nothing was detected, the machine is installed Symantec endopoint.
I would like the opinion of colleagues, I am posting the following problem:Cliente IP Destination ip Destination Port
192.168.0.130 224.0.0.252 5355 Link-local multicast name resolution Denied
192.168.0.130 224.0.0.252 5355 Link-local multicast name resolution Denied
192.168.0.130 224.0.0.252 5355 Link-local multicast name resolution Denied
FWX_E_BROADCAST_PACKET_DROPPED
Denied Connection
SRVTMG 22/01/2013 11:31:30
Log type: Firewall service
Status: A broadcast packet was dropped by the Forefront TMG policy.
Rule: None - see Result Code
Source: Internal (192.168.0.130:64558)
Destination: External (224.0.0.252:5355
All Replies
-
Tuesday, January 29, 2013 4:46 PM
Hi,
this is Multicast traffic. Find the application/service on the "Micro" which sends Multicast packages and Change the configuration
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Sunday, February 03, 2013 3:19 PM
.png)
