Solved

What would be the cause of this?

Posted on 2009-05-12
2
188 Views
Last Modified: 2013-11-09
I've been working on a networking problem where multiple workstations have a brief interruption in their network connection, (as indicated by a timeout on a ping -t.)  To make a long story short, I was watching wireshark when this happened and I was wondering if someone could point me in the right direction as to what would cause this.

I was using wireshark on a laptop plugged into my switch.  The switch is managed and I had port mirroring from one of my network printers ports so that I could monitor traffic going to the port belonging to the printer.  The reason I chose the printers port on the switch is because when this anomaly  happens the printer will usually not respond to  pings for 30 sec to 1 min.  So I wanted to see if a jabbering nic someplace is causing it.

What is strange about this, (and I attached a screenshot of the wireshark capture while this was happening,) is that the printers static ip is 192.168.1.145.

If you notice in the screenshot, ( at time of 1140,) i'm sniffing traffic destined for 192.168.1.39, (which is a time card program kiosk at my facility.)  Wny was the printer at 192.168.1.145 receiving traffic destined for 192.168.1.39?  

Is this a bad switch?  A bad nic in the server that transmitted the packet? Is it something else entirely.  Any help would be appreciated.
WsharkCapture.jpg
0
Comment
Question by:FASP
  • 2
2 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 500 total points
ID: 24366949
A switch that has not learned the destination port for a particular mac address will send packets destined for that mac address out all ports in the vlan in which it was received.

So as the mac-addresses time out of the vlan table they will need to be sent to all interfaces.
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24367223
Now if this is simultaneous to the timeouts then you might have a problem. Usually I suspect spanning tree topology changes for this type of thing.....

The mac-address timeout is usually set for 300 seconds, you can increase it if you get a lot of this.

mac address-table aging-time 600

 makes it 10 minutes.

What really might be occuring is that the link between the switch that .39 is on and the switch that the server.firstaidandsaf is on went down or into blocking mode and the network is color storming the packet  out all interfaces except the one it came in on, and your switch is doing the same.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question