Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2002, The Technology Firm Broadcast Analysis - Looping Packets Tony Fortunato The Technology Firm

Published byVirgil Dawson Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2002, The Technology Firm Broadcast Analysis - Looping Packets Tony Fortunato The Technology Firm"— Presentation transcript:

1 © 2002, The Technology Firm WWW.THETECHFIRM.COM Broadcast Analysis - Looping Packets Tony Fortunato The Technology Firm info@thetechfirm.com

2 © 2002, The Technology Firm WWW.THETECHFIRM.COM 2 Symptoms And What The Experts Say.  Client has intermittent ‘slow downs’.  Protocol Analyzer was connected to a switch port. No mirroring/spanning.  As part of the broadcast investigation process, broadcast packets were inspected along with Expert feedback.  Most common red herring is taking the Expert feedback literally and believe there are duplicate IP’s and client/router mis-configurations.

3 © 2002, The Technology Firm WWW.THETECHFIRM.COM 3 The following screen captures show that the Sniffer reports Duplicate Network Address and Router Storm. NAI Sniffer Pro Results

4 © 2002, The Technology Firm WWW.THETECHFIRM.COM 4 NAI Sniffer Pro – The Investigation A “Display Filter” was defined to display the duplicate packets. Modify the “Display Setup” to show the IP layer and disable ‘Show Network Addresses’.

5 © 2002, The Technology Firm WWW.THETECHFIRM.COM 5 NAI Sniffer Pro – The Packets.  After applying our filter, I noticed that the Frame Number started at 1, so I noted the ID number and removed the filter.  I notices that the first packet was from the real client (00306e1c0449), the next 127 packets were duplicates sent by an ASN router interface (00-00-a2-cc-6d-d9).  The key here is that the other packets have the same IP Identifier (3129).

6 © 2002, The Technology Firm WWW.THETECHFIRM.COM 6 Fluke Protocol Expert  The Protocol Expert is reporting, ‘Excessive Mailslot Broadcasts’, ‘Router Storm’ and ‘IP Time To Live Expiring’

7 © 2002, The Technology Firm WWW.THETECHFIRM.COM 7 Fluke Protocol Expert – The Investigation Modify the “Capture View Display Options” to show the IP layer and disable ‘Show Network Addresses’. By reviewing the Capture View -> Duplicate Addresses, you can see that the BAY MAC consistently comes up.

8 © 2002, The Technology Firm WWW.THETECHFIRM.COM 8 Fluke Protocol Expert – The Investigation A “Display Filter” was defined to display the duplicate packets.

9 © 2002, The Technology Firm WWW.THETECHFIRM.COM 9 Fluke Protocol Expert – The Packets  After applying our filter, I noticed that the Frame Number started at 0, so I noted the ID number and removed the filter.  I noticed that the first packet was from the real client (00306e1c0449), the next 127 packets were duplicates sent by an ASN router interface (00-00-a2-cc-6d-d9).  The key here is that the other packets have the same IP Identifier (3129).

10 © 2002, The Technology Firm WWW.THETECHFIRM.COM 10 Conclusions Regardless of which tool you use, you will see the same basic pattern:  Looping packets delivered by the BAY MAC address. Possible explanations:  A device with two network cards is causing a routing loop.  A device with a specific routing misconfiguration like IP Forwarding.  Router has a generic UDP packet forwarding command causing these loops. Possible next steps:  Review router configuration for UDP forwarding commands.  Place the analyzer on the same switch port as the router port to see if another device is relaying these UDP packets to it.  In this example the client experienced a router misconfigured for UDP flooding.

Download ppt "© 2002, The Technology Firm Broadcast Analysis - Looping Packets Tony Fortunato The Technology Firm"

Similar presentations

Lecture 2 - Networking Devices

Lecture 2 - Networking Devices
CCNA3 v3 Module 7 v3 CCNA 3 Module 7 JEOPARDY K. Martin.

CCNA3 v3 Module 7 v3 CCNA 3 Module 7 JEOPARDY K. Martin.
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
DHCP Dynamic Host Configuration Part 7 NVCC Professional Development TCP/IP.

DHCP Dynamic Host Configuration Part 7 NVCC Professional Development TCP/IP.
Introduction to Network Analysis and Sniffer Pro

Introduction to Network Analysis and Sniffer Pro
Introduction. 2 What Is SmartFlow? SmartFlow is the first application to test QoS and analyze the performance and behavior of the new breed of policy-based.

Introduction. 2 What Is SmartFlow? SmartFlow is the first application to test QoS and analyze the performance and behavior of the new breed of policy-based.
Static Routing Last Update 2011.05.15 1.3.0 1Copyright 2008-2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Static Routing Last Update Copyright Kenneth M. Chipps Ph.D.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 
Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE00378-1.

Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE
Evolution of Networking Devices

Evolution of Networking Devices
Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.

Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.
© 2001, The Technology Firm 1 Switching and Bridging The Technology Firm

© 2001, The Technology Firm 1 Switching and Bridging The Technology Firm
ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.

ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.
© 2003, The Technology Firm TCP Checksum Errors.

© 2003, The Technology Firm TCP Checksum Errors.
1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.

1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.
NUS.SOC.CS2105 Ooi Wei Tsang Application Transport Network Link Physical you are here.

NUS.SOC.CS2105 Ooi Wei Tsang Application Transport Network Link Physical you are here.
Discovery 2 Internetworking Module 5 JEOPARDY John Celum.

Discovery 2 Internetworking Module 5 JEOPARDY John Celum.

Similar presentations

Ads by Google