What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Netflow Sensons Top Talkers dest IP 192.88.99.1 ASA

Votes:

0

Dear all

I always wondered why my ASA, which I monitor with a netflo9 sensor, has a lot of traffic from a fileserver to IP 192.88.99.1. According to "google" its ipv6 traffic. But ipv6 is turned off and I dont see why my fileserver should generate that much traffic with IPv6. Its a Windows 2008 R2 Machine.

Is there any sensor I may add for this machine to get a better overview what exactly is generating that many traffic, without using a third party tool?

regards Thomas

bandwith ipv6 netflow

Created on Aug 7, 2015 2:59:46 PM



Best Answer

Accepted Answer

Votes:

0

Solution:

Ok. I did not blocked the IP or disabled ipv6. What I did is disabled:

netsh int 6to4 set state state=disabled
netsh int teredo set state type=disabled

According to http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx

Now I see the traffic in the netflow sensor exact as it should be and is more comprehensible. I don't know really why but it worked ;)

Created on Aug 11, 2015 1:17:59 PM

Last change on Oct 1, 2015 8:46:52 AM by Torsten Lindner [Paessler Support]



7 Replies

Votes:

0

It's not IPv6 traffic, rather IPv6 packets delivered via IPv4, that's why you still receive it. Is there anyting obvious about the packets, like where it originates from?

Created on Aug 11, 2015 10:54:40 AM by Stephan Linke [Paessler Support]



Votes:

0

Its quite strange. They come from a fileserver and it's the exact same amount of Megabytes, every 15 minutes measureblock

  1. 1. fs01.domain.internal (###.##.254.90) [192.88.99.1] 1'670 MByte
  2. 2. fs01.domain.internal (###.##.254.206) [192.88.99.1] 835 MByte

it kind a worries me. because other server has that too, even freshly installed and not used at the moment.

Created on Aug 11, 2015 11:49:42 AM

Last change on Aug 11, 2015 11:53:47 AM by Stephan Linke [Paessler Support]



Votes:

0

Couldn't you simply block both IPs? Anything in the logs of the file server (what data is downloaded, etc.)? Could it be a sensor in your PRTG by any chance?

Created on Aug 11, 2015 11:54:49 AM by Stephan Linke [Paessler Support]



Votes:

0

I will try this and block it http://www.howfunky.com/2010/02/how-to-prevent-ipv6-tunneling-across.html

Created on Aug 11, 2015 12:18:53 PM



Votes:

0

It seems that lots of servers communicate inside with ipv6 (whole domain and memebr servers) then they search for the server and look for the gateway (anycast adress ipv6 192.88.99.1) then the ASA forwards them to the other server.

Could that statement be true?

Created on Aug 11, 2015 12:27:26 PM



Accepted Answer

Votes:

0

Solution:

Ok. I did not blocked the IP or disabled ipv6. What I did is disabled:

netsh int 6to4 set state state=disabled
netsh int teredo set state type=disabled

According to http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx

Now I see the traffic in the netflow sensor exact as it should be and is more comprehensible. I don't know really why but it worked ;)

Created on Aug 11, 2015 1:17:59 PM

Last change on Oct 1, 2015 8:46:52 AM by Torsten Lindner [Paessler Support]



Votes:

0

Nice, thanks for sharing! :)

Created on Aug 11, 2015 1:31:16 PM by Stephan Linke [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.