Since the introduction of Microsoft Vista I have seen more and more layer 2 and IPv6/v4 multicast traffic. Depending on your network design and your computer configuration, these pesky little packets can really cause you a lot of grief. In this little write-up I will touch on the layer 2 network noise.
For those of you who had the opportunity to see the evolution of networking, you will clearly remember the challenges layer 2 protocols caused as we moved to routed segments and VLANs. NetBEUI, DLC, LLC and their relatives were all banished since they could not natively traverse the new routed networks. So why would Microsoft re-introduce this in this day and age? Wait a minute, I have to reformat my 5 1/2" drive on my 286 desktop, running DOS 3.3.... ;b
Many network designers have spent long hours trying to figure out how to segment their networks with the least amount of impact and network reconfiguration, while maintaining acceptable performance levels.
You can guess how surprised I was when I learned that Microsoft has installed their Link Layer Topology Discovery Protocol by default so we can have a pretty 'Network Map' that no one I know has ever used.
I first noticed this when I set up my new laptop with Windows 7 and performed my first Wireshark capture. This gave me an idea of what a capture would look like in my parents' basement during one of our Italian get-togethers... Yikes...
I have updated my Microsoft Networking Course notes, which I will share with you.
This protocol is used - usually at home - to discover and access devices that may have had a DHCP-assigned address. For example, a web-cam, network printer, router, media center server... I'm sure you get my drift.
In many of my 'Network Janitor' engagements, I single this out as a protocol to clean up ASAP. I say this because in most corporate environments, there isn't a need to discover anything. You usually know the IP address or host name of your network services and servers. If you had to look anything up it would be via DNS, LDAP or WINS.
Some customers counter that they disable this when people log on (or via a Group Policy), but I ask, what happens if they log into a local account, or use their laptop outside of the corporate network? I'm of the opinion, "If you don't need it, get rid of it".
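To check whether the cleanup actually reached every machine, you can count which hosts still emit Link Layer Topology Discovery frames in a capture. The Python below is an added example, not part of the original write-up: it parses raw Ethernet frames, steps over an 802.1Q VLAN tag if present, and tallies frames carrying the LLTD EtherType (0x88D9) per source MAC. The helper names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag precedes the real EtherType
ETHERTYPE_LLTD = 0x88D9   # Link Layer Topology Discovery

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Return (src_mac, dst_mac, vlan_id or None, ethertype); None if truncated."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if etype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF   # low 12 bits of the tag are the VLAN ID
    return mac(src), mac(dst), vlan, etype

def lltd_talkers(frames):
    """Count LLTD frames per (source MAC, VLAN) so stragglers stand out."""
    hits = Counter()
    for f in frames:
        parsed = parse_frame(f)
        if parsed and parsed[3] == ETHERTYPE_LLTD:
            hits[(parsed[0], parsed[2])] += 1
    return hits

def eth(dst, src, etype, vlan=None, payload=b"\x00" * 46):
    """Build a constructed test frame from hex MAC strings."""
    hdr = bytes.fromhex(dst) + bytes.fromhex(src)
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    return hdr + struct.pack("!H", etype) + payload

# Constructed sample frames (locally administered MACs, not a real capture).
SAMPLE_FRAMES = [
    eth("ffffffffffff", "020000000001", ETHERTYPE_LLTD),
    eth("ffffffffffff", "020000000001", ETHERTYPE_LLTD),
    eth("ffffffffffff", "020000000002", ETHERTYPE_LLTD, vlan=20),
    eth("ffffffffffff", "020000000003", 0x0806),   # ARP, ignored
    eth("020000000009", "020000000003", 0x0800),   # IPv4, ignored
    b"\xff\xff\xff",                               # truncated, skipped
]

if __name__ == "__main__":
    for (src, vlan), n in lltd_talkers(SAMPLE_FRAMES).most_common():
        print(f"{src} vlan={vlan} lltd_frames={n}")
```

Any source MAC that shows up here after the Group Policy rollout is a machine where the setting did not apply, such as one logged into a local account.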