Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA is sending traffic on Port 137

NTA is sending traffic on Port 137

Created by Dexter Padilla, last modified by MindTouch on Jun 23, 2016

Views: 1,548 Votes: 3 Revisions: 15

Overview

According to the firewall reports, the SolarWinds Orion Server is sending traffic on UDP Port 137 to IP addressed in countries not being monitored or have managed devices.

 

Environment

NTA version 3.11 and later

Cause 

The issue is caused by the behavior of Windows servers using NetBIOS, as well as DNS to resolve IP addresses using gethostbyaddr() function.

In short, NTA will make name resolution requests for any flow data containing endpoint IP addresses, in this case the IP addresses were, at some point, involved in a original conversation on the network. 

You can actually search for those IP addresses involved in the port 137 traffic in the Flow Navigator which will show you the original conversation. 

Once the conversation was logged, NTA then makes outbound requests to the host to try to get a NetBIOS name in response.

Resolution

Ultimately, you can turn this feature off if you'd like- most of the time these external IP addresses still won't respond with a NetBIOS name and unless there is significant reason to leave it on due to a heavily legacy-bound NetBIOS-based network, it should be pretty much inconsequential to disable this feature as most networks use regular DNS now.

Either disable NetBIOS in NTA: Go to Settings > NTA Settings:

 

1. Go to Settings then NTA Settings.

 

2. Uncheck Enable NetBIOS resolution of endpoints.

(http://www.solarwinds.com/documentat...resolution.htm)

 

OR

 

Disable NetBIOS under the TCP/IP Advance Settings:

 

1. Go to Start then Control Panel.

 

2. Select Network and Sharing Center.

 

3. Click on Change Adapter Settings.

 

4. Select the Adapter, right-click and choose Properties.

 

5. Select IPv4, click Properties and then Advanced.

 

6. In Advanced TCP/IP Settings, click WINS tab and under NetBIOS Setting select Disable NetBIOS over TCP/IP then click OK.

(https://technet.microsoft.com/en-us/.../cc940063.aspx)

 

 

 

Last modified

Tags

Classifications

Public