James,
 
sorry, NetView is sending address mask REQUESTS. The reason for the
question is that we have a very sensitive part of our network and an IPS
box picked up this (new) traffic and you have explained why.  I recently
removed SNMP monitoring from a few devices in this sensitive network and
the IPS box picked up the daily discovery.
 
I was sniffing that net segment today and saw only the 5 min echo
request and echo replies so I figured it may be due to the discovery but
was unsure why the address mask requests started last night.
 
Thank you again for your help.
 
always appreciated,
 



Kevin Sperry 
IT Analyst, Data Center Monitoring Control 



________________________________

From: nv-l-bounces AT lists.ca.ibm DOT com
[mailto:nv-l-bounces AT lists.ca.ibm DOT com] On Behalf Of James Shanks
Sent: Wednesday, February 25, 2009 2:24 PM
To: Tivoli NetView Discussions
Subject: Re: [NV-L] NetView sending ICMP Address Mask replies



My netmon expert confirms that netmon will send an ICMP Address Mask
request to a node when it does not have SNMP access to the
IPAddrTable and the IfTable. And that the request will be sent at (1)
initial discovery, (2) the daily config poll, and (3) demand poll.

But why you should see the NetView machine send an ICMP Address Mask
reply puzzles me. A reply would indicate that another machine sent the
request to the NetView machine. And it would not be NetView's job to
reply but rather the host OS's job to respond to that ping. 

I'm also curious as to what prompted this question. How would you happen
to notice this traffic? What are you doing? Sniffing packets in order to
discover the details of the discovery process? :-)

That's up to you I guess But it's proprietary and we deliberately don't
publish much about it. 

James Shanks
Tivoli Network Availability Management Level Three 
Network Availability Management
Tivoli Software, IBM Corp
1-919-224-1642 | T/L 687-1642 | ITN 26871642
 Francois Le Hir <flehir AT ca.ibm DOT com>




                                Francois Le Hir <flehir AT ca.ibm DOT com> 
                                Sent by: nv-l-bounces AT lists.ca.ibm DOT com 

                                02/25/2009 02:02 PM 
        
        Please respond to
Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>

 

To

Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>       


cc

        


Subject

Re: [NV-L] NetView sending ICMP Address Mask replies    
                

yes it's part of the discovery process. I believe it does that when
there is no snmp access and it tries to find the subnet mask for the
interfaces.

Salutations, / Regards,

Francois Le Hir
Network Projects & Consulting Services
IBM Global Technology Services

"Do not go where the path may lead; go instead where there is no path
and leave a trail." - Ralph Waldo Emerson.
 "Sperry, Kevin" <Kevin.Sperry AT us.ngrid DOT com>



                                        "Sperry, Kevin"
<Kevin.Sperry AT us.ngrid DOT com> 
                                Sent by: nv-l-bounces AT lists.ca.ibm DOT com 

                                        02/25/2009 01:23 PM 

Please respond to
Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>
  
To

"Tivoli NetView Discussions" <nv-l AT lists.ca.ibm DOT com>     
 
cc
        
 
Subject

[NV-L] NetView sending ICMP Address Mask replies        
                
Hello again, 

Using NetView 7.1.5 FP1 on AIX and noticed that for a brief period last
evening, NetView was sending ICMP Address Mask replies to a couple of
hosts. They have stopped now. Why would NetView send this type of ICMP
out to known hosts? Is it part of the discovery process? 

Any insight would be greatly appreciated as always. 

Kevin Sperry 
IT Analyst, Data Center Monitoring Control 

************************************************************************
********
This e-mail and any files transmitted with it, are confidential to
National Grid and are intended solely for the use of the individual or
entity to whom they are addressed.  If you have received this e-mail in
error, please reply to this message and let the sender
know._______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l
<http://lists.ca.ibm.com/mailman/listinfo/nv-l>  (Browser access limited
to internal IBM'ers only) 
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)




********************************************************************************
This e-mail and any files transmitted with it, are confidential to National 
Grid and are intended solely for the use of the individual or entity to whom 
they are addressed.  If you have received this e-mail in error, please reply to 
this message and let the sender know.

_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)