Network Threat Protection traffic log shows Blocked Ethernet (type = 0x34) and (type = 0x5c)
Updated: 21 May 2010 | 13 comments
Network Threat Protection traffic log shows Blocked Ethernet (type = 0x34) and (type = 0x5c) from remote host 0.0.0.0.
What is this type of communication and what should I do about these types of communication?
Comments
Not sure what these Ethernet types are; however, does it show MAC addresses as well?
No MAC addresses (FF.FF.FF.FF.FF.FF)
Maybe it is some type of broadcast...
Can you take a snapshot and upload it here?
Regards,
Srinivas H.P.
HCL Infosystems Ltd
Screenshot
Can you please post the screenshot which depicts the error message.
Thanks & Regards Sandip C Sali
No, I have not figured out how to get the BMP file uploaded. Can't get the Insert image to work.
Ethernet (type = 0x34) and (type = 0x5c)
Is header information for the few bits of data as defined in the IEEE 802.3 standard.
From host 0.0.0.0 is likely to be multicast or broadcast information.
Have you modified the original Firewall Rules as set in the SEPM?
No, I did not modify the original Firewall Rules. The sample computer has version 11.0.5. I am not sure what the M means after Symantec Endpoint Protection.
Go to the command prompt and type arp -a
Find out which IP is related to "00-0F-B5-88-D8-A9", "00-14-6C-E9-7C-45",
then you can track the PC and check.
Make sure all windows patches are installed.
Also check AV Status.
Regards,
Srinivas H.P.
HCL Infosystems Ltd
The command arp -a will not help as the computer was turned off and the table is almost empty.
The associated IP can be found by looking at the router DHCP and matching the MAC address,
then computer name can be found from nbtstat -A <Ip address>
But what good does this do me? I only know which computers are involved but not the application that is being blocked.
I was not able to upload an image.
The MAC addresses specified in the Traffic log (00-0F-B5-88-D8-A9 and 00-14-6C-E9-7C-45) belong to Netgear. MAC addresses can be verified from the following link: www.coffer.com/mac_find/
Check if any Netgear hardware is installed?
Also, I think Ethernet types 0x34 and 0x5C belong to IEEE, as the Ethernet type range (0x0000 - 0x05DC) is IEEE 802.3 length. Check this link for all Ethernet types: www.networkdictionary.com/networking/EtherType.php
Let me know if this actually helped you.
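Added example, not part of the original thread: a short Python decoder that applies the 0x0000 - 0x05DC rule from the comment above to bytes 12-13 of an Ethernet header and, when the value is an 802.3 length, reads the 802.2 LLC DSAP byte that names the protocol. The frames are constructed for illustration (only the source MACs and the values 0x34 and 0x5c come from the thread; the LLC bytes are made up), and the SAP table is general knowledge, not taken from the poster's log.

```python
import struct

# Well-known IEEE 802.2 LLC service access points (general knowledge, not from the thread).
LLC_SAPS = {0x42: "Spanning Tree BPDU", 0xAA: "SNAP", 0xE0: "Novell IPX", 0xF0: "NetBIOS"}

def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def classify_frame(frame: bytes) -> dict:
    """Decode the 14-byte Ethernet header and interpret bytes 12-13."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (field,) = struct.unpack("!H", frame[12:14])
    info = {"dst": fmt_mac(dst), "src": fmt_mac(src), "field": field,
            "broadcast": dst == b"\xff" * 6}
    if field <= 0x05DC:
        # Values up to 1500 are a payload length; the protocol is named by the LLC header.
        info["kind"] = "802.3 length"
        payload = frame[14:14 + field]
        info["truncated"] = len(payload) < field
        if len(payload) >= 2:
            info["llc"] = LLC_SAPS.get(payload[0], f"unknown DSAP 0x{payload[0]:02X}")
    elif field >= 0x0600:
        # Values from 0x0600 up are an EtherType (0x0800 IPv4, 0x0806 ARP, ...).
        info["kind"] = "EtherType"
    else:
        info["kind"] = "undefined (0x05DD-0x05FF)"
    return info

def make_frame(src_hex: str, field: int, payload: bytes) -> bytes:
    """Build a constructed broadcast frame for the demo."""
    return b"\xff" * 6 + bytes.fromhex(src_hex) + struct.pack("!H", field) + payload

# Constructed sample frames; the LLC payload bytes are illustrative only.
FRAME_34 = make_frame("000FB588D8A9", 0x34, b"\xe0\xe0\x03" + bytes(0x34 - 3))
FRAME_5C = make_frame("00146CE97C45", 0x5C, b"\xaa\xaa\x03" + bytes(0x5C - 3))
FRAME_IP = make_frame("000FB588D8A9", 0x0800, bytes(46))

if __name__ == "__main__":
    for f in (FRAME_34, FRAME_5C, FRAME_IP):
        print(classify_frame(f))
```

To name the protocol behind a blocked entry, the same decoding has to be run on a packet capture of the real traffic, since the traffic log line shows only the length value.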
Yes, these MACs are Netgear for WPM311 and WG111T respectively.
I am not seeing anything I can use from the link.
The entries in the log about ntoskrnl.exe are normal for any firewall. This log will be generated even if no rules are configured, because the firewall is by default configured to check the UDP traffic. You will find this kind of ntoskrnl.exe (UDP) log even from Windows Firewall.
The entry containing the ntoskrnl.exe is not blocked. The blocked messages may or may not have a ntoskrnl.exe nearby from the same MAC.