If broadcast happens in a large network having at least 15 switches and 500 hosts connect to these s...

krdeepak2u · ‎10-09-2010

If broadcast happens in a network having at least 15 switches(both layer 2 and layer 3) and 500 hosts connect to these switches, how can we easily detect that which switch/host is doing broadcast in the network without taking any downtime of the live network? We need to identify the switch/host for its further troubleshooting.

jonathanaxford · ‎10-10-2010

Hi,

You could try running a packet sniffer on the network segment that is experiencing the broadcast traffic. You could then filter the output to see only broadcast traffic and then narrow it down from there.

Depending on how busy the network is, this could be quite a large capture file though....

Cheers

Jonathan

danrya · ‎10-10-2010

Since these are switches, you should be able to hook up a sniffer to any port in the vlan and capture traffic. Any non-broadcast traffic should never reach the sniffer, since the switch will only send it to the port that should get it (after the mac address is learned). So, if the sniffer is getting a ton of non-broadcast traffic, then you need to dig into why. But generally speaking, that should give you an idea of where the broadcasts are coming from.

I would recommend that you make your broadcast domain smaller than 500 hosts.

Dan

If broadcast happens in a large network having at least 15 switches and 500 hosts connect to these switches, how can we easily detect that which switch is doing broadcast in network without taking any downtime of live network?