How to find possible network loop ?


I am using on my network the McAffe e250 Webshield appliance, that device is set as trasnparent bridge.Most of the time works fine but some times kills the Internet traffic because it is going to the 100% processor usage .

Talking with McAfee support they told me that the appliance is configured correctly and they told me also that the source of the problem is a NETWORK LOOP .

What could be causing a network loop ? How can I detect a network loop ?

Any ideas ?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

There are several options. The easies would be turn on debugging nd see where the loops startis. assuming you have that capabiltity on the device.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What could be causing a network loop ?
In my understanding a network loop is when you direct or indirect connect 2 ports on a switch.
Analog to placing microfone in front of loudspeeker. Where signal also is amplified until saturation.

You can protect against a network loop by using managed sw.'s with Spanning Tree Protocol enabeled (in case of loop condition STP will break up network)
You might as well tell the McAfee guys that they have a hole in their webshield because all the bits are going thru.  
The McAfee explaination seems as hokey as my statement.  

The generic statement of a network loop implies that the topology has at least 2 paths that data can traverse in such a manner that your packets are forever travelling in a circular motion.  In this case, it would cause something more than the McAfee e250 Webshield appliance to register 100% processor usage.  In the classic sense, it would grind at least that portion of the network to slow down to a grind or halt as it continually re-processes data packets.

On the serious side, you may want to check the logs on that appliance to determine what it is processing when this issue occurs.  

Otherwise if I guess correctly; you will only have this issue when the McAfee appliance is operating, otherwise minus the concerns of virus and trojans in its many forms , your network works normally.    Hence no network loop.  I suspect that the appliance probably gets stuck on certain pieces of data that passes thru it and the CPU is forever processing invalid data.

I would either suggest that you call McAfee support and request another tech to investigate the McAfee appliance.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

If McAfee or whoever insists on blaming a network loop, then physically remove some wires until there are no switching loops. (If this is possible)

But you know, those "network loops" don't heal themselves just like the microphones in jburgaard's example don't quiet down until the problem is fixed. So if you have a "sometimes" condition, it is probably not a network loop.

But take out a few wires to physically eliminate all loops. Then if the same thing happens, call back the vendor and tell him his device has a problem.

Alternatively, you can just turn on STP (it's on by default probably) and trace the network for blocked ports and such. But in this case,t he vendor will still claim that you have a network loop.


If a network look were the cause then you wouldnt just be losing Internet connection, your entire network would crash.  You can verify this by seeing if computers can ping each other or reach server applications or whatever else your network does.

A network loop seems like the easy answer from Mcaffe to me.  It is possible though that your Mcaffee device is getting hammered with some kind of traffic, whether it be some kind of attack or a faulty device.
Leon FesterSenior Solutions ArchitectCommented:
Network loops can cause strange behaviour, yes.  Can cause connectivety failure, yes, however this is entirely dependant on the switches. All managed switches should be able to continue to operate when there is a network loop, traffic however is just aggregated since all broadcast traffic is being sent across your network at least twice. On an unmanaged Switch/Hub, this activities can also result in a broadcast storm, and network failover.

Unplugging the cables and testing is best(if not only) way to trace the source.

Just last week I had to trace a network loop, didn't know it at the time, but it was a loop and 1 cable had both ends plugged into the switch.

To make tracing easier, I'd suggest that you connect a laptop/single machine directly into the switch. Then run Ethereal and enable the realtime update of the log window. Remove all cables and then insert them individually. Ethereal will quickly identify the connected machine, by IP and Netbios name. If you get link activity but no traffic then you've probably found your loop.
gzarateAuthor Commented:
I have not ever used ethereal , is that a command or a program ?
Ethereal is an excellent packet captureing program:

I use it daily, if you are a network admin, it will be your best friend.  Its all GUI based with windows, so you have nothing to worry about.  It may take a day or two to get used to it, but I highly recommend you start.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.