Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

Traffic Log - NTP Logs Why..??

1. Traffic Log - NTP Logs Why..??

Recommend
Rojopipe
Posted Nov 22, 2013 05:19 PM

Reply Reply Privately
Hi Guys,

Why in a SEP client appears IP address of another clients in the traffic log of the a SEP client..?

Example:

(This image log is taken of the SEP client with IP 192.168.0.111)

Is necessary register this..?

Is possible to avoid it..?

Thanks.
2. RE: Traffic Log - NTP Logs Why..??

Recommend
ℬrίαη
Posted Nov 22, 2013 05:24 PM

Reply Reply Privately
The screen is too small to see, can you post as a jpeg?
3. RE: Traffic Log - NTP Logs Why..??

Recommend
Rojopipe
Posted Nov 22, 2013 05:40 PM

Reply Reply Privately
Hi _Brian,

of course..
4. RE: Traffic Log - NTP Logs Why..??

Recommend
ℬrίαη
Posted Nov 22, 2013 05:43 PM

Reply Reply Privately
It looks like web traffic, is that on port 80? Is that a proxy server? Do you know that IP address?
5. RE: Traffic Log - NTP Logs Why..??

Recommend
Rojopipe
Posted Nov 22, 2013 05:48 PM
| view attached

Reply Reply Privately
attached the image
6. RE: Traffic Log - NTP Logs Why..??

Recommend
ℬrίαη
Posted Nov 22, 2013 06:00 PM

Reply Reply Privately
Are you familiar with those hosts?

Port 1900 (UDP) is UPnP traffic. Basically it's network discovery. You can turn that off in Windows 7 .Or you can create a firewall rule to block. I believe there is one already created in the SEP fw
7. RE: Traffic Log - NTP Logs Why..??

Recommend
Rojopipe
Posted Nov 25, 2013 10:21 AM

Reply Reply Privately
Yes, those IP are other PC's on the network.

My concern is why the host 192.168.0.111 host writes in his log traffic from other host ..? It is as if SEP client work of "promiscuously" as does wireshark or any other sniffer. I think that makes a lot of noise and generates extra load to this PC (192.168.0.111) that records information of others host.

As could be avoided ..? In short, it only records the traffic is concerned
8. RE: Traffic Log - NTP Logs Why..??

Recommend
ℬrίαη
Posted Nov 25, 2013 10:29 AM

Reply Reply Privately
That type of traffic from the other host is triggering that specific firewall rule. You do have the option to turn off logging for that rule but that should be the expected result if logging is turned on
9. RE: Traffic Log - NTP Logs Why..??

Recommend
ℬrίαη
Posted Feb 22, 2014 03:28 PM

Reply Reply Privately
Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian

Endpoint Protection

Traffic Log - NTP Logs Why..??

RojopipeNov 22, 2013 05:19 PM

ℬrίαηNov 22, 2013 05:24 PM

RojopipeNov 22, 2013 05:40 PM

ℬrίαηNov 22, 2013 05:43 PM

RojopipeNov 22, 2013 05:48 PM

ℬrίαηNov 22, 2013 06:00 PM

RojopipeNov 25, 2013 10:21 AM

ℬrίαηNov 25, 2013 10:29 AM

ℬrίαηFeb 22, 2014 03:28 PM

1. Traffic Log - NTP Logs Why..??

2. RE: Traffic Log - NTP Logs Why..??

3. RE: Traffic Log - NTP Logs Why..??

4. RE: Traffic Log - NTP Logs Why..??

5. RE: Traffic Log - NTP Logs Why..??

6. RE: Traffic Log - NTP Logs Why..??

7. RE: Traffic Log - NTP Logs Why..??

8. RE: Traffic Log - NTP Logs Why..??

9. RE: Traffic Log - NTP Logs Why..??