Traffic to DC on port 80

Mike Towan

Hello all,

I am seeing lots of traffic between clients and Win2K DCs on port 80... It
appears to be every time clients try to authenticate (i.e. lots of port 80
traffic between 0800 and 0830). Is there something client side to change to
prevent this? Shouldn't the requests only be coming across on port 88, 445,
etc?

Any suggestions appreciated!

Mike
 
Simon Geary

You shouldn't be seeing any authentication traffic on port 80. I would stick
a sniffer on the network to find out what it is. If you don't have one, try
a search for Ethereal on Google; it's free.
 
Mike Towan

I have captured the traffic in the past... I will see if I can find some of
the packet info and post it... it looks innocuous enough and looks like it is
happening during logon.
 
Mike Towan

Here is a look at the traffic... port 80 shows up, but I am also seeing
port 88, 389, 445, the "normal" stuff you would expect, all within a few
seconds of the initial http request.

### 10.1.6.105:4145/TCP --> 10.1.1.90:80/TCP
### S 1477816127:1477816127(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
4500 0030 6EFA 4000 E__0n_@_
7E06 7258 0A01 0669 ~_rX___i
0A01 010B 1031 0050 _____1_P
5815 AF3F 0000 0000 X__?____
7002 FAF0 54E3 0000 p___T___
0204 05B4 0101 0402 ________
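
Added example, not part of the original posts: a Python decoder for the 48 bytes in the dump above, showing that the packet is a bare TCP SYN to port 80 with no payload, so it is the data packets after the handshake that would show what the client is requesting. The names decode, DUMP and FLAG_NAMES are chosen here for illustration.

```python
import struct

# Added example. Hex words copied from the dump posted above (48 bytes).
DUMP = """
4500 0030 6EFA 4000 7E06 7258 0A01 0669
0A01 010B 1031 0050 5815 AF3F 0000 0000
7002 FAF0 54E3 0000 0204 05B4 0101 0402
"""
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def decode(dump_text):
    raw = bytes.fromhex("".join(dump_text.split()))
    (ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                   # IP header length in bytes
    tcp = raw[ihl:total_len]
    sport, dport, seq, _ack, off_flags, win, _tcsum, _urg = struct.unpack(
        "!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4             # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    options, i = [], 20
    while i < data_off and tcp[i] != 0:          # kind 0 = end of option list
        kind = tcp[i]
        if kind == 1:                            # nop is a single byte
            options.append("nop")
            i += 1
            continue
        length = tcp[i + 1] if i + 1 < data_off else 0
        if length < 2 or i + length > data_off:
            raise ValueError("malformed TCP option")
        body = tcp[i + 2:i + length]
        if kind == 2 and length == 4:
            options.append("mss %d" % struct.unpack("!H", body)[0])
        elif kind == 4:
            options.append("sackOK")
        else:
            options.append("kind %d" % kind)
        i += length
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "seq": seq, "win": win, "ttl": ttl,
        "df": bool(frag & 0x4000),
        "flags": [n for b, n in enumerate(FLAG_NAMES) if off_flags & (1 << b)],
        "options": options,
        "payload_len": len(tcp) - data_off,      # 0 here: the SYN carries no data
    }
```

The destination bytes in the dump decode to 10.1.1.11, while the summary line as posted reads 10.1.1.90; the ports, sequence number, window and options match the summary line.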
 
