+ Post New Thread
Results 1 to 7 of 7
Wired Networks Thread, Network analysis - help needed in Technical; Anyone good at analyzing Wireshark logs? Our Allied Telesis switches are blinking in unison and it looks like a 70's ...
  1. #1
    earlyriser's Avatar
    Join Date
    Apr 2009
    Location
    New Zealand
    Posts
    62
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    11

    Network analysis - help needed

    Anyone good at analyzing Wireshark logs? Our Allied Telesis switches are blinking in unison and it looks like a 70's disco. I've tested for loops and not found any so far, so I'm suspecting that perhaps we have something causing some sort of broadcast storm. The problem is, I'm really not sure what is considered 'normal' so am not getting far analyzing the recent wireshark log from my workstation. I've attached the log if anyone is keen/able to have a look and let me know if anything looks suspicious (sorry, it's a 4mb file)

    Thanks in advance people
    Attached Files Attached Files

  2. #2
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,419
    Thank Post
    507
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    I can see alot of traffic from Iphones and Ipods on your network and cache flushes for those devices, there is also a lot of ICMPv6 traffic advertising router soliciting & neighbor advertisements. The other thing that I can see is theres alot of ARP (DHCP) requests.

    Sorry can see STP traffic on there - to be honest threes alot of traffic but I haven't found anything on there yet that should cause any problems.

  3. #3

    Join Date
    Dec 2009
    Location
    Woking
    Posts
    94
    Thank Post
    0
    Thanked 17 Times in 17 Posts
    Rep Power
    12
    Are you experiencing network throughput issues?

    There's no loop in the VLAN that your wireshark capture was taken from. Do you have multiple VLANs? The loop may be on one of them.

  4. #4

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,664
    Thank Post
    1,614
    Thanked 1,866 Times in 1,384 Posts
    Blog Entries
    2
    Rep Power
    400
    Ipod and Iphone traffic seems to be account for a massive amount of that traffic. Do you use them in your school?

    Also as with what people have already said, are there any loop backs?

    Also seems like your unifi devices are clogging up, perhaps there are some heavily used APs?

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,984
    Thank Post
    850
    Thanked 2,650 Times in 2,250 Posts
    Blog Entries
    9
    Rep Power
    763
    Do you have any layer 3 switches ie the core. If so have you segmented wireless and wired connections into different subnets and possibly different areas of the school. This would limit the broadcasts from the above devices (like the gossipy iToys) from spreading out across the whole network. As a byproduct if there are any devices that are really misbehaving it will limit their effects to that area and make them easier to track down.

    By splitting the network into routed chunks it will make the whole thing more robust and easier to troubleshoot in future.

    Your not on the SNAP hosted firewall stuff are you as it seems they had an issue with broadcasts and if their system is not setup quite right (not unlikely) you could be getting broadcasts leaking in from other schools at a high rate even if it is not up to the level of a full network killing storm.

  6. #6
    earlyriser's Avatar
    Join Date
    Apr 2009
    Location
    New Zealand
    Posts
    62
    Thank Post
    11
    Thanked 5 Times in 5 Posts
    Rep Power
    11
    Thanks for the replies guys. I've got no throughput issues, and things are working fine, I just noticed that the lights on the Allied Telesis switches were blinking in unison and wondered what, if anything, was going on.

    No loops that I am aware of. I've got RSTP enabled on all of the switches anyway, and there are definitely no loops between switches. I'll check for network outlets patched to each other etc. We've currently got a flat network, no VLANs. I'm going to put the wireless gear (unifi) onto a VLAN to segregate the wireless traffic, as yes, the iToys do seem to be VERY chatty to say the least. I've got an AT-x900 Layer 3 switch at the core so will route using that.

    Synack, we are on FX Networks, not SNAP, so don't think it's anything to do with that.

    Thanks for taking the time to have a look

  7. #7


    Join Date
    May 2009
    Posts
    2,873
    Thank Post
    258
    Thanked 766 Times in 581 Posts
    Rep Power
    269
    Some switches have different modes for the status LED's. Are you sure the switches are set to blink on activity on the individual port rather than when the port is live AND the switch is active (which would cause them to all blink at once)?

SHARE:
+ Post New Thread

Similar Threads

  1. network design lots of help needed
    By djgreek in forum Wireless Networks
    Replies: 3
    Last Post: 3rd November 2009, 10:30 PM
  2. Help needed to reconfig my DC's
    By tosca925 in forum Windows
    Replies: 16
    Last Post: 20th November 2006, 10:45 PM
  3. Sixth formers as network support help?
    By theriver in forum General Chat
    Replies: 24
    Last Post: 7th July 2006, 10:56 AM
  4. Wireles Network cards - advice needed
    By pooley in forum Wireless Networks
    Replies: 14
    Last Post: 5th February 2006, 12:34 PM
  5. Help needed creating a DMZ
    By pooley in forum Wireless Networks
    Replies: 12
    Last Post: 11th January 2006, 10:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •