11-15-2011 02:01 AM - edited 03-07-2019 03:23 AM
Hi All
OK so I was thrown in to the fire yesterday and asked to figure out why a network was going down in one area every 10 minutes roughly for about 20-30 seconds.
This was not a cisco network unfortunatley but debugging is the same right? There are 12 x 24 port switches (3 dell and 9 netgear) and they are all daisy chanined and running RSTP.
First thing I noticed was when I plugged in my laptop to any port on any switch when I ran tcpdump I could see all tcp packets from anywhere on the LAN. It was behaving more like the network was full of hubs. I did narrow down the issue to a singlar switch and it looks like a virus on a PC.
My question is why whould I see all traffic from around the network on on any port of any so called switch? I have never seen this before.
Thankfully I am doing a new network design for them (cisco) so they have a first class network and not one that has oranically grown.
Thanks
Mick
11-15-2011 05:43 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
My question is why whould I see all traffic from around the network on on any port of any so called switch? I have never seen this before.
It's possible the virus is causing your switches' mac tables to overflow which in turn causes unicast flooding.
11-15-2011 05:58 AM
absolutely that is possible. I hadnt considered unicast flooding. thanks for highlighting it.
Its hard to troubleshoot this with all this traffic going on in the network. if you have any helpful ideas in nailing this down please share.
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide