
Kali Linux netdiscover causing 90% cpu on 2960x

steve.carlson

I am trying to figure out why running the netdiscover process from a Kali Linux device plugged into a 2960x causes high CPU utilization. We use ISE and dot1x for port authentication, and as soon as I add any authentication commands to a switchport while netdiscover is running, the CPU on the switch spikes up to 65+%. We have netdiscover doing RFC 1918 scans, and even if the Kali device does not have an IP address, the CPU spikes.

Here is a sample port config

interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
switchport voice vlan 502
ip flow monitor v4 sampler v4 input
no logging event link-status
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize vlan 2
authentication event server dead action authorize voice
authentication event no-response action authorize vlan 130
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
storm-control broadcast level 1.00
storm-control multicast level 10.00
storm-control action trap
no keepalive
spanning-tree portfast edge

This is the CPU utilization

CPU utilization for five seconds: 68%/5%; one minute: 65%; five minutes: 64%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
6 550030 41874 13135 3.54% 0.46% 0.31% 0 Check heaps
94 23893 7639142 3 0.17% 0.14% 0.13% 0 RedEarth Tx Mana
107 9013 74724 120 0.17% 0.10% 0.07% 0 hrpc <- response
131 10685 4277926 2 0.41% 0.27% 0.30% 0 HLFM address lea
141 6678 171305 38 0.11% 0.12% 0.09% 0 hpm counter proc
142 79254 232469 340 0.05% 0.03% 0.05% 0 HRPC pm-counters
170 5419 847106 6 0.05% 0.03% 0.02% 0 Hulc Storm Contr
179 44659160 4280884 10432 21.24% 21.44% 21.46% 0 Hulc LED Process
195 630893 34159 18469 0.41% 0.35% 0.36% 0 HQM Stack Proces
196 221384 136625 1620 0.11% 0.11% 0.11% 0 HRPC qos request
250 304861 482252 632 16.32% 16.17% 15.86% 0 HULC DAI Process
262 68827 263324 261 5.34% 5.32% 4.98% 0 IP Host Track Pr

 

Any help would be appreciated!
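Added example, not part of the original post: a short Python parser for the CPU listing pasted above (the Cisco IOS `show processes cpu` format), which splits the `68%/5%` summary into interrupt and process-level time and lists the processes that stay busy across all three averaging windows. The function names and the 1% `floor` are assumptions made for this illustration.

```python
import re

# CPU listing copied from the post above (IOS "show processes cpu" format).
SAMPLE = """\
CPU utilization for five seconds: 68%/5%; one minute: 65%; five minutes: 64%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
6 550030 41874 13135 3.54% 0.46% 0.31% 0 Check heaps
94 23893 7639142 3 0.17% 0.14% 0.13% 0 RedEarth Tx Mana
107 9013 74724 120 0.17% 0.10% 0.07% 0 hrpc <- response
131 10685 4277926 2 0.41% 0.27% 0.30% 0 HLFM address lea
141 6678 171305 38 0.11% 0.12% 0.09% 0 hpm counter proc
142 79254 232469 340 0.05% 0.03% 0.05% 0 HRPC pm-counters
170 5419 847106 6 0.05% 0.03% 0.02% 0 Hulc Storm Contr
179 44659160 4280884 10432 21.24% 21.44% 21.46% 0 Hulc LED Process
195 630893 34159 18469 0.41% 0.35% 0.36% 0 HQM Stack Proces
196 221384 136625 1620 0.11% 0.11% 0.11% 0 HRPC qos request
250 304861 482252 632 16.32% 16.17% 15.86% 0 HULC DAI Process
262 68827 263324 261 5.34% 5.32% 4.98% 0 IP Host Track Pr
"""

HEADER = re.compile(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")
ROW = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+\d+\s+(.+?)\s*$")

def parse_cpu(text):
    """Return the summary figures and the per-process rows as plain dicts."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no 'CPU utilization' summary line found")
    total, interrupt = int(head.group(1)), int(head.group(2))
    procs = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:  # the summary and column-header lines do not match
            pid, s5, m1, m5, name = row.groups()
            procs.append({"pid": int(pid), "name": name, "5sec": float(s5),
                          "1min": float(m1), "5min": float(m5)})
    # "68%/5%" is total CPU / interrupt-level CPU; the rest is scheduled processes.
    return {"total": total, "interrupt": interrupt,
            "process_level": total - interrupt, "procs": procs}

def sustained(parsed, floor=1.0):
    """Processes at or above `floor` percent in every window, busiest first."""
    hot = [p for p in parsed["procs"] if min(p["5sec"], p["1min"], p["5min"]) >= floor]
    return sorted(hot, key=lambda p: p["5sec"], reverse=True)

if __name__ == "__main__":
    for p in sustained(parse_cpu(SAMPLE)):
        print(f"{p['5sec']:6.2f}%  pid {p['pid']:<4} {p['name']}")
```

Requiring the floor in all three windows drops "Check heaps", which is at 3.54% over five seconds but under 0.5% over one and five minutes, and leaves the three processes that are consistently loaded.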

 

2 Replies

Hello,

What options are you using with netdiscover (e.g. passive/range/time)? I think it uses ARP broadcasts; try either increasing the 'storm-control broadcast level' to something higher than 1, or increasing the time to sleep (-s) between requests, and check if that makes a difference...

steve.carlson

Thank you for the reply, but I don't want to make it stop; I am trying to figure out why the CPU goes so high. This is really a vulnerability in the network: basically any user could connect any device to a 2960x, run a netdiscover and take down an entire 2690x switch stack. I have tried different versions of code, but so far I have not been able to keep the switch from tipping over.
