two routers, one gets contacted continuously - Connectivity


  1. two routers, one gets contacted continuously

    I think this is one for the experts here:

    I'm running XP SP2.
    I've got two routers DLink DI604 rev D1 with firmware 3.09b1 and I obtain 2
    IP addresses from ISP automatically through DHCP.
    Both routers are identically configured (but with different LAN IP addresses
    of course), and only 192.168.0.1 is DHCP server enabled for the LAN.
    Both routers are bridged at LAN side using a switch DLink DES1008D.
    Both routers are bridged at WAN side using a switch Eminent towards ISP
    modem.

    The two groups of PCs in LAN have different gateways configured, one group
    has 192.168.0.1 and the other has 192.168.0.2

    My own PC has both gateways configured, it takes default 192.168.0.1 as
    gateway.

    Now: When I look at the log of my firewall (Sygate Pro) I see the service
    "svchost.exe" contacting router 192.168.0.1 for say once every 20-30min, but
    "svchost.exe" contacts router 192.168.0.2 about 30-40 times per minute
    almost continuously.

    I already tried setting interface metric to different values on my PC.

    Any ideas what's happening here anybody ??

    The connection log of my firewall shows that contacting the 192.168.0.2 is
    always done towards port 80 of the router, but from incrementing ports
    (1025-5000) of my PC.
    Part of the Sygate log:
    Date/time: 05/10/2005 08:52:47
    Action: Allowed
    Severity: 3
    Direction: Outgoing
    Protocol: TCP
    Remote host: 192.168.0.2
    Remote MAC: 00-0F-3D-12-EC-ED
    Remote Port: 80
    Local host: 192.168.0.186
    Local MAC: 00-40-F4-90-54-B4
    Local port: 1431 (increments for every attempt)
    Process: C:\WINDOWS\system32\svchost.exe
    Owner: peter
    Workstation: WXP_MAINOFFICE
    Security: Normal
    Occurrences: 1
    Start time: 05/10/2005 08:52:44
    End time: 05/10/2005 08:52:44
    Rule: GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_100

    When I list ipconfig /all I get:

    The ipconfig /all output gives me:
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : WXP_MAINOFFICE
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : telenet.be

    Ethernet adapter Local Area Connection LAN:
    Connection-specific DNS Suffix . : telenet.be
    Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-40-F4-90-54-B4
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.0.186
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : fe80::240:f4ff:fe90:54b4%4
    Default Gateway . . . . . . . . . : 192.168.0.1
    192.168.0.2
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 195.130.130.4
    195.130.130.132
    fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    Lease Obtained. . . . . . . . . . : Tuesday, May 10, 2005 8:49:24 AM
    Lease Expires . . . . . . . . . . : Wednesday, May 11, 2005 8:49:24 AM

    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 80-00-E4-3B-AE-AD-CE-C3
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%5
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Automatic Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . : telenet.be
    Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : C0-A8-00-BA
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.186%2
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Disabled

  2. Re: two routers, one gets contacted continuously

    found it....

    It was the icon in the taskbar contacting the router on a continuous basis.
    Most likely to interrogate the router on sent and received packets.
    Looks like a bug in Windows to me, since it's more relevant to contact the
    router if real traffic has happened.


    "Peterken" wrote in message
    news:iPkge.87919$4_1.5246075@phobos.telenet-ops.be...
    >I think this is one for the experts here:
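The rate comparison the poster made by eye in the Sygate log (one contact every 20-30 minutes to 192.168.0.1 versus 30-40 per minute to 192.168.0.2), as an added example that is not part of the original thread: it parses records in the excerpt's `Key: value` layout and computes connections per minute for each (process, remote host, remote port). The sample log is constructed, and the blank-line record separator and the 10-per-minute threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%m/%d/%Y %H:%M:%S"  # month/day/year, as in the excerpt (lease dated May 10, 2005)

def parse_records(text):
    """Split blank-line-separated 'Key: value' blocks into dicts (separator is assumed)."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())  # first colon only
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records

def connection_rates(records):
    """Map (process, remote host, remote port) -> (count, per-minute rate, distinct local ports)."""
    groups = defaultdict(list)
    for r in records:
        if r.get("Direction") != "Outgoing":
            continue
        when = datetime.strptime(r["Date/time"], FMT)
        local_port = int(r["Local port"].split()[0])  # ignore any trailing annotation
        groups[(r["Process"], r["Remote host"], r["Remote Port"])].append((when, local_port))
    rates = {}
    for key, events in groups.items():
        times = sorted(t for t, _ in events)
        minutes = max((times[-1] - times[0]).total_seconds() / 60.0, 1.0)  # floor at 1 min
        rates[key] = (len(events), len(events) / minutes, len({p for _, p in events}))
    return rates

def flag_pollers(rates, per_minute=10.0):
    """Flows at or above the threshold; 10/min is an assumed cut-off, not from the thread."""
    return sorted(k for k, (_, rate, _) in rates.items() if rate >= per_minute)

def build_sample():
    """Constructed log: 70 connections to .2 at 2 s spacing, 2 to .1 spaced 25 min apart."""
    def rec(ts, remote, lport):
        return (f"Date/time: {ts}\nDirection: Outgoing\nProtocol: TCP\n"
                f"Remote host: {remote}\nRemote Port: 80\nLocal port: {lport}\n"
                "Process: C:\\WINDOWS\\system32\\svchost.exe\n")
    start = datetime(2005, 5, 10, 8, 50, 0)
    blocks = [rec((start + timedelta(seconds=2 * i)).strftime(FMT), "192.168.0.2", 1400 + i)
              for i in range(70)]
    blocks += [rec(f"05/10/2005 08:{m}:00", "192.168.0.1", p) for m, p in ((30, 1200), (55, 1500))]
    return "\n".join(blocks)

if __name__ == "__main__":
    for key, (n, rate, ports) in connection_rates(parse_records(build_sample())).items():
        print(key, n, f"{rate:.1f}/min", f"{ports} local ports")
```

A distinct-local-port count equal to the connection count means every contact was a fresh TCP connection, which matches the incrementing source ports described in the post.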



