I've got a bizarre issue happening with our school network - random slowness, etc. We do have Conficker running around, but I'm also seeing tons of broadcast frames. We have something like 4000 PCs on this one subnet - are the #'s below "normal"?
The below section is counters from one of our Cisco 3500 switches:
My money is on the worm creating the broadcast traffic.
Without the obvious (get rid of the worm), is there anything anyone would suggest to:
1. reduce the random slowness of our network
2. limit the broadcast traffic without disabling network functionality to our users
Thanks for anything you can suggest!
Last edited by LCPSWolf; 11th November 2009 at 07:59 PM.
Reason: Forgot to tell what my counters were from
You can't really tell much by looking at the counters. I would install a packet sniffer such as Wireshark on a PC and have a look at what broadcast traffic you can see. It should be reasonably simple to spot anything weird going on.
If you get an impression of what your normal traffic looks like you can compare it with traffic during a slow-down, then you'll know definitively whether broadcast traffic is to blame.
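An added example, not part of either post above: one way to make the baseline versus slow-down comparison concrete is to tally broadcast frames per source MAC and EtherType in two saved captures. It assumes the captures are saved in classic pcap format with Ethernet framing; the function names, MAC addresses and sample captures are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def broadcast_stats(pcap):
    """Return (total frames, broadcast frames, Counter keyed by (src MAC, EtherType))."""
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    total = bcast = 0
    talkers = Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:                    # truncated record: no full Ethernet header
            continue
        total += 1
        if frame[:6] == BROADCAST:             # destination ff:ff:ff:ff:ff:ff
            bcast += 1
            src = ":".join(f"{b:02x}" for b in frame[6:12])
            talkers[(src, struct.unpack("!H", frame[12:14])[0])] += 1
    return total, bcast, talkers

# --- constructed sample captures (not real traffic) ---
def _frame(dst, src, ethertype):
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + b"\x00" * 46

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

A, B, GW, ALL = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"
BASELINE = _pcap([_frame(GW, A, 0x0800)] * 8 + [_frame(ALL, A, 0x0806)] * 2)
SLOWDOWN = _pcap([_frame(GW, A, 0x0800)] * 2 + [_frame(ALL, B, 0x0806)] * 17
                 + [_frame(ALL, A, 0x0806)])

if __name__ == "__main__":
    for name, cap in (("baseline", BASELINE), ("slow-down", SLOWDOWN)):
        total, bcast, talkers = broadcast_stats(cap)
        print(f"{name}: {bcast}/{total} broadcast ({100 * bcast / total:.0f}%)")
        for (src, etype), n in talkers.most_common(3):
            print(f"  {src} ethertype=0x{etype:04x} frames={n}")
```

A source MAC that dominates the slow-down tally but is minor or absent in the baseline is the machine to look up in the switch's MAC address table and inspect first.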