leblanc_daniel_
Engaged Sweeper III
The trouble my security group found is that the LanSweeper server sent out over 10K packets within an hour to 4 DC servers (2 root AD and 2 child domain). Why so much?

LanSweeperServer
SERVERDC03.child domain Ports : 88,135, 445,389, 49157, 49159
SERVERDC04.Child domain
SERVERDC01.Root AD
SERVERDC02.Root AD

This is what we get when we scan:
SERVER250 Ports : 135, 139,161,445,21,25,80,443,5060

Why so many packets between LanSweeper and the DC (Domain Controller)?
1 ACCEPTED SOLUTION
Daniel_B
Lansweeper Alumni
Created a new forum topic for your question as it was not directly related to the question you posted before.

Lansweeper contacts your domain controller
  • during each scan of a Windows computer in order to look up AD computer or user accounts related to this computer. The number of requests per hour depends on the number of computers you are scanning, the number of users which were scanned on these and your settings under Configuration\Server options, sections Asset Cleanup options and User cleanup options. This traffic should only happen on port 389/TCP.
  • every 15 minutes (by default) for Active scanning
  • at the beginning of each scanning cycle for Scheduled computer scanning, Domain user scanning, Scheduled eventlog scanning in case you submitted OUs for scanning
  • during scanning of the domain controller host machine itself


We recommend as well that you investigate which service was the origin of this traffic.
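
One way to act on the recommendation above, as an added example that is not part of the original reply or of Lansweeper's own tooling: tally exported flow records from the scanning server per domain controller, separating the 389/TCP lookups the answer describes from traffic on any other port, which is what needs tracing back to a service. The record format (`src dst proto dport packets`), the scanner address `10.0.0.50` and all packet counts are constructed for illustration; the DC names and ports are the ones from the question.

```python
from collections import Counter

LDAP_PORT = 389  # port the answer says AD lookups should use

# Constructed sample flow records: "src dst proto dport packets"
SAMPLE_FLOWS = """\
10.0.0.50 SERVERDC03 tcp 389 4200
10.0.0.50 SERVERDC03 tcp 445 900
10.0.0.50 SERVERDC03 tcp 135 150
10.0.0.50 SERVERDC03 tcp 49157 300
10.0.0.50 SERVERDC01 tcp 389 3100
10.0.0.50 SERVERDC01 tcp 88 60
10.0.0.99 SERVERDC01 tcp 389 500
this line is malformed
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport, packets), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            continue
        src, dst, proto, dport, pkts = parts
        yield src, dst, proto.lower(), int(dport), int(pkts)

def summarize(text, scanner_ip):
    """Return (ldap, other): packets per DC on 389/TCP, and per
    (dc, proto, port) for everything else sent by the scanner."""
    ldap, other = Counter(), Counter()
    for src, dst, proto, dport, pkts in parse_flows(text):
        if src != scanner_ip:
            continue  # only traffic originating from the scanning server
        if proto == "tcp" and dport == LDAP_PORT:
            ldap[dst] += pkts
        else:
            other[(dst, proto, dport)] += pkts
    return ldap, other

if __name__ == "__main__":
    ldap, other = summarize(SAMPLE_FLOWS, "10.0.0.50")
    for dc, pkts in ldap.most_common():
        print(f"{dc}: {pkts} packets on 389/tcp (AD lookups)")
    for (dc, proto, port), pkts in other.most_common():
        print(f"{dc}: {pkts} packets on {port}/{proto} (trace to a service)")
```
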
