• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 18071
  • Last Modified:

How to find possible network loop ?


I am using on my network the McAffe e250 Webshield appliance, that device is set as trasnparent bridge.Most of the time works fine but some times kills the Internet traffic because it is going to the 100% processor usage .

Talking with McAfee support they told me that the appliance is configured correctly and they told me also that the source of the problem is a NETWORK LOOP .

What could be causing a network loop ? How can I detect a network loop ?

Any ideas ?

6 Solutions
There are several options. The easies would be turn on debugging nd see where the loops startis. assuming you have that capabiltity on the device.
What could be causing a network loop ?
In my understanding a network loop is when you direct or indirect connect 2 ports on a switch.
Analog to placing microfone in front of loudspeeker. Where signal also is amplified until saturation.

You can protect against a network loop by using managed sw.'s with Spanning Tree Protocol enabeled (in case of loop condition STP will break up network)
You might as well tell the McAfee guys that they have a hole in their webshield because all the bits are going thru.  
The McAfee explaination seems as hokey as my statement.  

The generic statement of a network loop implies that the topology has at least 2 paths that data can traverse in such a manner that your packets are forever travelling in a circular motion.  In this case, it would cause something more than the McAfee e250 Webshield appliance to register 100% processor usage.  In the classic sense, it would grind at least that portion of the network to slow down to a grind or halt as it continually re-processes data packets.

On the serious side, you may want to check the logs on that appliance to determine what it is processing when this issue occurs.  

Otherwise if I guess correctly; you will only have this issue when the McAfee appliance is operating, otherwise minus the concerns of virus and trojans in its many forms , your network works normally.    Hence no network loop.  I suspect that the appliance probably gets stuck on certain pieces of data that passes thru it and the CPU is forever processing invalid data.

I would either suggest that you call McAfee support and request another tech to investigate the McAfee appliance.

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

If McAfee or whoever insists on blaming a network loop, then physically remove some wires until there are no switching loops. (If this is possible)

But you know, those "network loops" don't heal themselves just like the microphones in jburgaard's example don't quiet down until the problem is fixed. So if you have a "sometimes" condition, it is probably not a network loop.

But take out a few wires to physically eliminate all loops. Then if the same thing happens, call back the vendor and tell him his device has a problem.

Alternatively, you can just turn on STP (it's on by default probably) and trace the network for blocked ports and such. But in this case,t he vendor will still claim that you have a network loop.


If a network look were the cause then you wouldnt just be losing Internet connection, your entire network would crash.  You can verify this by seeing if computers can ping each other or reach server applications or whatever else your network does.

A network loop seems like the easy answer from Mcaffe to me.  It is possible though that your Mcaffee device is getting hammered with some kind of traffic, whether it be some kind of attack or a faulty device.
Leon FesterCommented:
Network loops can cause strange behaviour, yes.  Can cause connectivety failure, yes, however this is entirely dependant on the switches. All managed switches should be able to continue to operate when there is a network loop, traffic however is just aggregated since all broadcast traffic is being sent across your network at least twice. On an unmanaged Switch/Hub, this activities can also result in a broadcast storm, and network failover.

Unplugging the cables and testing is best(if not only) way to trace the source.

Just last week I had to trace a network loop, didn't know it at the time, but it was a loop and 1 cable had both ends plugged into the switch.

To make tracing easier, I'd suggest that you connect a laptop/single machine directly into the switch. Then run Ethereal and enable the realtime update of the log window. Remove all cables and then insert them individually. Ethereal will quickly identify the connected machine, by IP and Netbios name. If you get link activity but no traffic then you've probably found your loop.
gzarateAuthor Commented:
I have not ever used ethereal , is that a command or a program ?
Ethereal is an excellent packet captureing program:


I use it daily, if you are a network admin, it will be your best friend.  Its all GUI based with windows, so you have nothing to worry about.  It may take a day or two to get used to it, but I highly recommend you start.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now