 |  |  |  |  |  |  |  |
How can I identify a Broadcast Storm - Pls Help
 |
•
•
Join Date: Feb 2005
Posts: 675
Reputation: 
Solved Threads: 17
Practically a Master Poster
I've got a problem with a broadcast storm in a building on site.
Its got several PCs, Network Printers, all with IP Addresses all linked through a switch, which is then connected to the main servers via xDSL to a second switch.
The problem is the port on the second switch keeps dropping out.
Both switches are Cisco Catalyst 2900s and the second has an IP address configured. Anyone know of any freeware or shareware that I can use to monitor the broadcasts, or how I can monitor throughflow of the switch / port by IP or Mac Address.
Any assistance would be appreciated.
Its got several PCs, Network Printers, all with IP Addresses all linked through a switch, which is then connected to the main servers via xDSL to a second switch.
The problem is the port on the second switch keeps dropping out.
Both switches are Cisco Catalyst 2900s and the second has an IP address configured. Anyone know of any freeware or shareware that I can use to monitor the broadcasts, or how I can monitor throughflow of the switch / port by IP or Mac Address.
Any assistance would be appreciated.
Hello,
If you had a broadcast storm going on, all of your network devices would be nearly paralyzed, and you would be able to sniff packets from any node on the network (because broadcasts hit every devices, regardless if it is a switch or a hub as a network combining hardware device).
For packet sniffing, there is a freeware tool available with linux -- Ethereal. Of course, you would see all of the packets and what they are doing... although you might have to scroll through lots of data to get to it.
Might want to ask yourself if there were any devices recently added to the network, or did someone replace a patch cable in the closet, or perhaps at a desktop? What change was made? You might also have a virus running around.... a few weeks ago, we got hit with bling (also called Spybot) that tried to pound it's way across the Windoze machines. Brought the network to a near halt.
Good Luck with it,
Christian
If you had a broadcast storm going on, all of your network devices would be nearly paralyzed, and you would be able to sniff packets from any node on the network (because broadcasts hit every devices, regardless if it is a switch or a hub as a network combining hardware device).
For packet sniffing, there is a freeware tool available with linux -- Ethereal. Of course, you would see all of the packets and what they are doing... although you might have to scroll through lots of data to get to it.
Might want to ask yourself if there were any devices recently added to the network, or did someone replace a patch cable in the closet, or perhaps at a desktop? What change was made? You might also have a virus running around.... a few weeks ago, we got hit with bling (also called Spybot) that tried to pound it's way across the Windoze machines. Brought the network to a near halt.
Good Luck with it,
Christian
Good call on virus/changes, especially if someone put a second link between the switches.
McFly; What do you mean xDSL between them? What devices/model #'s do the DSL? How much distance between switches? What kind of cable is between them?
PCs<----->Cat29k<----->???<--(dsl?)-->???<----->Cat29k<----->servers
Do you have a console cable? passwords? can you log into the switches?
McFly; What do you mean xDSL between them? What devices/model #'s do the DSL? How much distance between switches? What kind of cable is between them?
PCs<----->Cat29k<----->???<--(dsl?)-->???<----->Cat29k<----->servers
Do you have a console cable? passwords? can you log into the switches?
•
•
Join Date: Feb 2005
Posts: 675
Reputation:
Solved Threads: 17
Practically a Master Poster
xDSL as in ADSL technology, we've got some ascom equipment that transmitts across site via twisted pair BT Line, a 1 mile distance. I'm not too sure if it is a virus, because we are a Government site we are protectively linked to the outside, and more of the site should be affected. No one has picked this up on our Anti-Virus. I think its most likely a faulty equipment, continually transmitting, or possibly the first switch has a configuration problem, the problem has existed since the building was kitted out with new equipment.
•
•
Join Date: Feb 2005
Posts: 675
Reputation:
Solved Threads: 17
Practically a Master Poster
Sorry, I should of added this is why I want to monitor network traffic, try and identify a single piece of equipment thats broadcasting excessively. Anyone heard of a problem with faulty cisco equipment creating broadcast storms.
I have been working on Cisco gear about six years now, I have never heard of it but I know not to rule it out. It sounds more like a uplink port flaking out, spanning tree issue, or something with those line drivers.
Any reason not to upgrade the IOS to a current rev and blow away the configs on both switches and run them defaulted?
Any reason not to upgrade the IOS to a current rev and blow away the configs on both switches and run them defaulted?
•
•
Join Date: Feb 2005
Posts: 675
Reputation:
Solved Threads: 17
Practically a Master Poster
•
•
•
•
Originally Posted by w1r3sp33d
Any reason not to upgrade the IOS to a current rev and blow away the configs on both switches and run them defaulted?
Thanks for your help
Hey Marty, thought of another one if you are worried about broadcasts. Click the mode button on the front of the switch you are worried about until you get to "util" this will tell the the % of utilization of the switch.
If it is a 24 port each light will represent about a 4% load, if it is a 12 port switch, each light will represent a 8% load.
If it is constantly running below 30% I wouldn't worry about it on a network that size.
If it is a 24 port each light will represent about a 4% load, if it is a 12 port switch, each light will represent a 8% load.
If it is constantly running below 30% I wouldn't worry about it on a network that size.
also, if you log into the console (or telnet to a switch and type "enable" and the enable password followed by "term mon") do you see messages scrolling down the screeen? If so could you either post a sample?
•
•
Join Date: Feb 2005
Posts: 675
Reputation:
Solved Threads: 17
Practically a Master Poster
Thanks for your assistance. I've had a look at the term mon, and I get no message, but you have possibly helped me out a great deal with the Util on the switch. I had a look at the first switch, and this was on 40% utilisation, (and this was at lunch when the system wasn't being used), with a max of about 70% over the life of the configuration.
From this I'm looking into the fact that the second switch can't handle the load, as the 40% is only from one building out of about 20 that it controls. I'll be checking the utilisation on the that switch tomorrow, will keep you posted.
Many thanks, David
From this I'm looking into the fact that the second switch can't handle the load, as the 40% is only from one building out of about 20 that it controls. I'll be checking the utilisation on the that switch tomorrow, will keep you posted.
Many thanks, David
|
Other Threads in the Networking Hardware Configuration Forum
- Previous Thread: difference between tcp and sctp?
- Next Thread: Why is it still 11mbps???????
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Networking Hardware Configuration Posts
802.11 802.11n bluetooth british broadband browserproblems bt connectionproblem connectivity data desktop dual hardware infrastructure internet network networking news program reliability riched20.dll routers storage survey technology telecoms troubleshoot uk videoconferencing view virgin wireless wirelessnetworking