© 2002, The Technology Firm Broadcast Analysis - Looping Packets Tony Fortunato The Technology Firm

Symptoms And What The Experts Say
• Client has intermittent ‘slow downs’.
• Protocol Analyzer was connected to a switch port. No mirroring/spanning.
• As part of the broadcast investigation process, broadcast packets were inspected along with Expert feedback.
• The most common red herring is taking the Expert feedback literally and believing there are duplicate IPs and client/router misconfigurations.

NAI Sniffer Pro Results
The following screen captures show that the Sniffer reports Duplicate Network Address and Router Storm.

NAI Sniffer Pro – The Investigation
• A “Display Filter” was defined to display the duplicate packets.
• Modify the “Display Setup” to show the IP layer and disable ‘Show Network Addresses’.

NAI Sniffer Pro – The Packets
• After applying our filter, I noticed that the Frame Number started at 1, so I noted the ID number and removed the filter.
• I noticed that the first packet was from the real client (00306e1c0449), the next 127 packets were duplicates sent by an ASN router interface (00-00-a2-cc-6d-d9).
• The key here is that the other packets have the same IP Identifier (3129).

Fluke Protocol Expert
• The Protocol Expert is reporting ‘Excessive Mailslot Broadcasts’, ‘Router Storm’ and ‘IP Time To Live Expiring’.

Fluke Protocol Expert – The Investigation
• Modify the “Capture View Display Options” to show the IP layer and disable ‘Show Network Addresses’.
• By reviewing the Capture View -> Duplicate Addresses, you can see that the BAY MAC consistently comes up.

Fluke Protocol Expert – The Investigation
• A “Display Filter” was defined to display the duplicate packets.

Fluke Protocol Expert – The Packets
• After applying our filter, I noticed that the Frame Number started at 0, so I noted the ID number and removed the filter.
• I noticed that the first packet was from the real client (00306e1c0449), the next 127 packets were duplicates sent by an ASN router interface (00-00-a2-cc-6d-d9).
• The key here is that the other packets have the same IP Identifier (3129).

Conclusions
Regardless of which tool you use, you will see the same basic pattern:
• Looping packets delivered by the BAY MAC address.
Possible explanations:
• A device with two network cards is causing a routing loop.
• A device with a specific routing misconfiguration like IP Forwarding.
• Router has a generic UDP packet forwarding command causing these loops.
Possible next steps:
• Review router configuration for UDP forwarding commands.
• Place the analyzer on the same switch port as the router port to see if another device is relaying these UDP packets to it.
• In this example the client experienced a router misconfigured for UDP flooding.
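
The check the slides perform by eye (same IP Identifier, different source MAC) can be run over raw frames. The following is an added example, not part of the original presentation: the function names, the 10.0.0.x addresses, the decreasing TTL values and the capture itself are constructed assumptions; only the two MAC addresses and the IP Identifier 3129 come from the slides.

```python
import struct
from collections import defaultdict

def parse_frame(frame):
    """Return the loop-relevant fields of an Ethernet II / IPv4 frame, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ip = frame[14:]
    ip_id, frag = struct.unpack("!HH", ip[4:8])
    # Fragments of one datagram legitimately share an ID, so keep the offset.
    return {"mac": frame[6:12].hex(), "ttl": ip[8],
            "key": (ip[12:16], ip[16:20], ip[9], ip_id, frag & 0x1FFF)}

def find_loops(frames):
    """Group frames by (src IP, dst IP, protocol, IP ID, fragment offset) and
    report datagrams seen again from a MAC other than the first sender's."""
    groups = defaultdict(list)
    for frame in frames:
        p = parse_frame(frame)
        if p:
            groups[p["key"]].append(p)
    findings = []
    for key, seen in groups.items():
        origin = seen[0]["mac"]
        relays = sorted({p["mac"] for p in seen[1:] if p["mac"] != origin})
        if relays:
            findings.append({"ip_id": key[3], "origin_mac": origin,
                             "relay_macs": relays, "copies": len(seen),
                             "min_ttl": min(p["ttl"] for p in seen)})
    return findings

def build_frame(src_mac, ip_id, ttl):
    """Constructed UDP broadcast frame (header checksum left at 0, not checked)."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, 0, ttl, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 255]))
    return eth + ip + b"\x00" * 8

CLIENT, ROUTER = "00306e1c0449", "0000a2cc6dd9"   # MACs from the slides
# Constructed capture: one original, 127 relayed copies, one unrelated datagram.
SAMPLE = ([build_frame(CLIENT, 3129, 128)]
          + [build_frame(ROUTER, 3129, 128 - i) for i in range(1, 128)]
          + [build_frame(CLIENT, 3130, 128)])

if __name__ == "__main__":
    for f in find_loops(SAMPLE):
        print(f)
```

A finding names the relaying MAC directly, which is the device whose forwarding configuration should be reviewed first; a low `min_ttl` in the same group is consistent with the ‘IP Time To Live Expiring’ symptom.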