Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
5
Helpful
2
Replies

Debug Question - Switched Network

agent2007
Level 1
Level 1

‎11-15-2011 02:01 AM - edited ‎03-07-2019 03:23 AM

Hi All

OK so I was thrown in to the fire yesterday and asked to figure out why a network was going down in one area every 10 minutes roughly for about 20-30 seconds.

This was not a cisco network unfortunatley but debugging is the same right?  There are 12 x 24 port switches (3 dell and 9 netgear) and they are all daisy chanined and running RSTP.

First thing I noticed was when I plugged in my laptop to any port on any switch when I ran tcpdump I could see all tcp packets from anywhere on the LAN.  It was behaving more like the network was full of hubs.  I did narrow down the issue to a singlar switch and it looks like a virus on a PC.

My question is why whould I see all traffic from around the network on on any port of any so called switch?  I  have never seen this before.

Thankfully I am doing a new network design for them (cisco) so they have a first class network and not one that has oranically grown.

Thanks

Mick

Labels:
0 Helpful
2 Replies 2

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-15-2011 05:43 AM

Disclaimer

The     Author of this posting offers the information contained within this     posting without consideration and with the reader's understanding  that    there's no implied or expressed suitability or fitness for any   purpose.   Information provided is for informational purposes only and   should not   be construed as rendering professional advice of any kind.   Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In     no event shall Author be liable for any damages whatsoever   (including,   without limitation, damages for loss of use, data or   profit) arising  out  of the use or inability to use the posting's   information even if  Author  has been advised of the possibility of  such  damage.

Posting

My question is why whould I see all traffic from around the network on on any port of any so called switch?  I  have never seen this before.

It's possible the virus is causing your switches' mac tables to overflow which in turn causes unicast flooding.

agent2007
Level 1
Level 1
In response to Joseph W. Doherty

‎11-15-2011 05:58 AM

absolutely that is possible.  I hadnt considered unicast flooding.  thanks for highlighting it.

Its hard to troubleshoot this with all this traffic going on in the network.  if you have any helpful ideas in nailing this down please share.

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card