+ Post New Thread
Results 1 to 15 of 15
Wireless Networks Thread, ARGH in Technical; something is going haywire with the network. Non-managed switches throughout the school are all flashing like crazy. Gonna be fun ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

    ARGH

    something is going haywire with the network. Non-managed switches throughout the school are all flashing like crazy. Gonna be fun afternnon trying to figure this one out

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,939
    Thank Post
    886
    Thanked 1,693 Times in 1,472 Posts
    Blog Entries
    12
    Rep Power
    447
    sounds like a loopback mate.

  3. #3

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    aye been thinking that. Been round and turned off almost all the switches in the whole school and its still goin on

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Start at your core switch and remove all of the links to the sub cabinets and switches one at a time. When the crazy blink stops this should isolate it to a segment of your network at least. You can then just work your way down through the network to isolate it, unless of course the loopback is on your core.

  5. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Disconnected each segment of the network one at a time, and it slowly got better the more I unplugged. Swapped out the main switch as well. Its still looking pretty busy though. Its a flat unsegmented network so Im just wondering if its normal traffic. Although there was something up yesterday and the whole network stopped to a halt.

    What would wireshark look like if i had a loopback? Can I post up a 5 minute (1.3mb) capture from the main switch for someone to look at?

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Wireshark would have a whole bunch of identical broadcasts and multicasts as switched frames do not have a TTL they will keep bouncing around forever in a loopback situation. You would be looking for a whole bunch of ARP requests etc from the same bunch of hosts over and over again.

  7. Thanks to SYNACK from:

    RabbieBurns (3rd September 2008)

  8. #7

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Thanks. I dont see any of that, neither did I during the hectic time yesterday.
    Last edited by RabbieBurns; 3rd September 2008 at 12:13 PM.

  9. #8

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Quote Originally Posted by RabbieBurns View Post
    Thanks. I dont see any of that, neither did I during the hectic time yesterday.
    If you want to post that log here I should be able to have a look at it for you, might be better to email it though as because it contains the data from the packets as well as the packets itself it may contain sensitive information. PM me for my email if your interested.

  10. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Just looked through and had a few thoughts. I assume that you have at least one managed netgear switch and that you may be directly connected to it?

    There seemed to be an awful lot of TCP reset packets flying around, these are usually the result of something in the traffic path reseting the connection possibly filtering or an upstream router.

    There were also a lot of Netbios name querys flying about which could be ok depending on the tools in use (some software is old and ignores DNS) but could be looked into as these are being IP broadcast to the whole school. The main offenders here were:

    • 10.10.10.80(00:16:76:72:d7:67) looking for BRN_A20F85


    • 10.10.10.253(00:06:5b:f1:74:ff) which was looking for all sorts and generating lots of ARP requests


    • SCHOOL3 - 10.10.10.83(00:10:18:19:56:54) - was spewing ARPs everywhere, oftern the same ones so this could be a loopback somewhere near that card.


    The thing is that this dump only provides a small bit of the information if you are connected to the managed switch as any filtering that has been done will prevent your station from reciving all of the packets. Ideally you want to connect your machine directly to each of the unmanaged sections and check for tonnes of broadcasts there as the managed switch may be suppressing some of them. You could also do a capture on the core switch with the port that it is connected to set to mirror a diagnostic mode that will push all unfiltered traffic on the switch to your port. This is no substitute for the captures from each unmanaged section of the network through.

    Hope this helps in your hunt and diagnostics.

  11. #10

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    The netgear that you are seeing is probably the point to point wireless bridges that link our three buildings.

    I am plugged into a small unamaged switch with all the servers and the ADSL router, which then goes to the main core switch beside it. No managed switches anywhere, but we have just ordered one today

    .253 and .83 are 2 of our servers, file server, backup DC and WSUS etc. The other one is just a client over at the junior school, im not sure what thats up to.

    Our whole network is just one massive 255.255.0.0 subnet 10.10.1.x and 10.10.10.x all on the one net accross 3 buildings (not my design heh)

    From what you saw, would you agree that there isnt anything like a loopback in place, and all the broadcasts are purely symptoms of having such a large flat network?

  12. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    The behavior of .83 was really weird and could possibly indicate something wrong with it or software behavior that I have not encountered. Having said that it is probably not a loopback as the identical broadcasts were too far apart.

    The netgear thing that I was seeing was a device constantly trying to participate in an STP election so I assumed it was a managed switch but could indeed be the point to points.

    The tcp resets are more worring though as I have seen networks slow right down because of devices that were generating them, it seemed to be mostly with net traffic though.

    Is there no way that your servers could be connected to a larger switch directly as this could improve the speed emencly. We had a simmilar setup where all of the servers were on a small switch and then shared a single 100mb link back to the main network. I personally put in extra cat5e to get them each their own link to the core and the speed difference was vast. This is not only because they did not have to share but because the CPU and backplane in the larger switch could switch the packets so much quicker than the little switch. The little switch incidentally also caused errors from time to time where it would lock up from the load for short periods and had to either be reset or left for 10 minutes to cool down before it would work right again.
    Last edited by SYNACK; 3rd September 2008 at 03:47 PM.

  13. #12

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,521
    Thank Post
    1,333
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Got a 48 port managed switch arriving tomorrow so will plug the servers straight into that and see how it goes.

    Cheers for your help

  14. #13
    MSGeek's Avatar
    Join Date
    Jul 2008
    Location
    Manchester
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Do those switches support any form of storm control on the ports.

    I know that HP and Cisco switches you can disable a port of the input unicast/Multicast/broadcast surpasses a certain percentage of port util

    Make sure spanning tree is turned on, if it is a flaky nic on the network then use WS to id the NIC and get shot of it.

    Hope this helps

  15. #14
    torledo's Avatar
    Join Date
    Oct 2007
    Posts
    2,928
    Thank Post
    168
    Thanked 155 Times in 126 Posts
    Rep Power
    47
    Quote Originally Posted by MSGeek View Post
    Do those switches support any form of storm control on the ports.

    I know that HP and Cisco switches you can disable a port of the input unicast/Multicast/broadcast surpasses a certain percentage of port util

    Make sure spanning tree is turned on, if it is a flaky nic on the network then use WS to id the NIC and get shot of it.

    Hope this helps
    WS ?

    What does that stand for.

  16. #15
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32
    Quote Originally Posted by torledo View Post
    WS ?

    What does that stand for.
    Wireshark

SHARE:
+ Post New Thread

Similar Threads

  1. Registry Problem... argh!
    By bandgeekmafia78 in forum Windows
    Replies: 1
    Last Post: 24th July 2008, 11:05 AM
  2. Argh! Roaming Profiles
    By binky in forum Windows
    Replies: 2
    Last Post: 14th July 2008, 11:06 AM
  3. Argh!! Ris server
    By bradsorensen in forum Windows
    Replies: 6
    Last Post: 17th October 2007, 09:54 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •