nakz
asked on
How do i determin if NIC is causing a broardcast storm
Im having some trouble here.
Im trying to determine if my Server/Workstation NIC is causing broadcast storm. If my server/workstation NIC is causing a broadcast storm how would i determine it, and how would i resolve the matter...
Im trying to determine if my Server/Workstation NIC is causing broadcast storm. If my server/workstation NIC is causing a broadcast storm how would i determine it, and how would i resolve the matter...
also check for the blaster worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Yep - etherpeek
:)
:)
To find out if there's an abundance of network traffic, keep it simple.
Is your network performance sluggish? Look at the lights on the networking equipment. Are they constantly active?
If you disconnect one workstation, does network performance improve? If its the server - you might have troubles.
Keep your a/v up to date. Might be worthwhile investing in and IDS and FW, depending on the size of your organization.
Is your network performance sluggish? Look at the lights on the networking equipment. Are they constantly active?
If you disconnect one workstation, does network performance improve? If its the server - you might have troubles.
Keep your a/v up to date. Might be worthwhile investing in and IDS and FW, depending on the size of your organization.
ASKER
It not what im looking for, but more information on it..
www.ethereal.com. It's free.
First, and simplest - whatever device you suspect is causing a broadcast storm will exhibit excessive activity on its switch or hub port. that is a big red flag for you.
If you are using a switch, it is best to put a dumb, plain hub/repeater in the circuit, plug your monitoring PC into the hub, and run the protocol analyzer. It can be done on a switch port, provided that the switch port is configured properly to allow a protocol analyzer to capture all packet activity.
If you have a multi-level collapsed backbone, and have already isolated the problem device to a specific segment, you can put the dumb hub in circuit between the problem segment and the backbone to pinoint the problem device.
First, and simplest - whatever device you suspect is causing a broadcast storm will exhibit excessive activity on its switch or hub port. that is a big red flag for you.
If you are using a switch, it is best to put a dumb, plain hub/repeater in the circuit, plug your monitoring PC into the hub, and run the protocol analyzer. It can be done on a switch port, provided that the switch port is configured properly to allow a protocol analyzer to capture all packet activity.
If you have a multi-level collapsed backbone, and have already isolated the problem device to a specific segment, you can put the dumb hub in circuit between the problem segment and the backbone to pinoint the problem device.
After you isolate the problem device, then you can troubleshoot the device to resolve the issue. It may be that what sp10de and stevenlewis suggested is the root cause - you may have been stung by a virus or worm.
Once you isolate the device and find out what kind of excessive traffic it is causing (arps for instance) then it's easier to determine what might be the cause, and what to do about it.
To avoid a lot of putzing, I personally would download both the blaster and welchia cleaner programs from www.symantec.com and run them both on the suspect computer first, and save further protocol analysis for after if that doesn't fix it.
Once you isolate the device and find out what kind of excessive traffic it is causing (arps for instance) then it's easier to determine what might be the cause, and what to do about it.
To avoid a lot of putzing, I personally would download both the blaster and welchia cleaner programs from www.symantec.com and run them both on the suspect computer first, and save further protocol analysis for after if that doesn't fix it.
Flashback....mine was a bad NIC. 5 minute fix :-)
ASKER
What other major thing that mite cause NIC broadcast storm. ive use the software but it doesnt dermine anything.. could be be my server??
Have you isolated the device causing the broadcast storm? Is it the server?
try swapping out the NIC with a known good one
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
here's one (there are lots out there
http://www.wildpackets.com/products/etherpeek/features