New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Netflow Sensons Top Talkers dest IP 192.88.99.1 ASA

Votes:

0

Your Vote:

Up

Down

Dear all

I always wondered why my ASA, which I monitor with a netflo9 sensor, has a lot of traffic from a fileserver to IP 192.88.99.1. According to "google" its ipv6 traffic. But ipv6 is turned off and I dont see why my fileserver should generate that much traffic with IPv6. Its a Windows 2008 R2 Machine.

Is there any sensor I may add for this machine to get a better overview what exactly is generating that many traffic, without using a third party tool?

regards Thomas

bandwith ipv6 netflow

Created on Aug 7, 2015 2:59:46 PM by  Thomas Umbricht (2,818) 3 3



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Solution:

Ok. I did not blocked the IP or disabled ipv6. What I did is disabled:

netsh int 6to4 set state state=disabled
netsh int teredo set state type=disabled

According to http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx

Now I see the traffic in the netflow sensor exact as it should be and is more comprehensible. I don't know really why but it worked ;)

Created on Aug 11, 2015 1:17:59 PM by  Thomas Umbricht (2,818) 3 3

Last change on Oct 1, 2015 8:46:52 AM by  Torsten Lindner [Paessler Support]



7 Replies

Votes:

0

Your Vote:

Up

Down

It's not IPv6 traffic, rather IPv6 packets delivered via IPv4, that's why you still receive it. Is there anyting obvious about the packets, like where it originates from?

Created on Aug 11, 2015 10:54:40 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Its quite strange. They come from a fileserver and it's the exact same amount of Megabytes, every 15 minutes measureblock

  1. 1. fs01.domain.internal (###.##.254.90) [192.88.99.1] 1'670 MByte
  2. 2. fs01.domain.internal (###.##.254.206) [192.88.99.1] 835 MByte

it kind a worries me. because other server has that too, even freshly installed and not used at the moment.

Created on Aug 11, 2015 11:49:42 AM by  Thomas Umbricht (2,818) 3 3

Last change on Aug 11, 2015 11:53:47 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Couldn't you simply block both IPs? Anything in the logs of the file server (what data is downloaded, etc.)? Could it be a sensor in your PRTG by any chance?

Created on Aug 11, 2015 11:54:49 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Created on Aug 11, 2015 12:18:53 PM by  Thomas Umbricht (2,818) 3 3



Votes:

0

Your Vote:

Up

Down

It seems that lots of servers communicate inside with ipv6 (whole domain and memebr servers) then they search for the server and look for the gateway (anycast adress ipv6 192.88.99.1) then the ASA forwards them to the other server.

Could that statement be true?

Created on Aug 11, 2015 12:27:26 PM by  Thomas Umbricht (2,818) 3 3



Accepted Answer

Votes:

0

Your Vote:

Up

Down

Solution:

Ok. I did not blocked the IP or disabled ipv6. What I did is disabled:

netsh int 6to4 set state state=disabled
netsh int teredo set state type=disabled

According to http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx

Now I see the traffic in the netflow sensor exact as it should be and is more comprehensible. I don't know really why but it worked ;)

Created on Aug 11, 2015 1:17:59 PM by  Thomas Umbricht (2,818) 3 3

Last change on Oct 1, 2015 8:46:52 AM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Nice, thanks for sharing! :)

Created on Aug 11, 2015 1:31:16 PM by  Stephan Linke [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.