Solved

What would be the cause of this?

Posted on 2009-05-12
2
185 Views
Last Modified: 2013-11-09
I've been working on a networking problem where multiple workstations have a brief interruption in their network connection, (as indicated by a timeout on a ping -t.)  To make a long story short, I was watching wireshark when this happened and I was wondering if someone could point me in the right direction as to what would cause this.

I was using wireshark on a laptop plugged into my switch.  The switch is managed and I had port mirroring from one of my network printers ports so that I could monitor traffic going to the port belonging to the printer.  The reason I chose the printers port on the switch is because when this anomaly  happens the printer will usually not respond to  pings for 30 sec to 1 min.  So I wanted to see if a jabbering nic someplace is causing it.

What is strange about this, (and I attached a screenshot of the wireshark capture while this was happening,) is that the printers static ip is 192.168.1.145.

If you notice in the screenshot, ( at time of 1140,) i'm sniffing traffic destined for 192.168.1.39, (which is a time card program kiosk at my facility.)  Wny was the printer at 192.168.1.145 receiving traffic destined for 192.168.1.39?  

Is this a bad switch?  A bad nic in the server that transmitted the packet? Is it something else entirely.  Any help would be appreciated.
WsharkCapture.jpg
0
Comment
Question by:FASP
  • 2
2 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 500 total points
Comment Utility
A switch that has not learned the destination port for a particular mac address will send packets destined for that mac address out all ports in the vlan in which it was received.

So as the mac-addresses time out of the vlan table they will need to be sent to all interfaces.
0
 
LVL 10

Expert Comment

by:lanboyo
Comment Utility
Now if this is simultaneous to the timeouts then you might have a problem. Usually I suspect spanning tree topology changes for this type of thing.....

The mac-address timeout is usually set for 300 seconds, you can increase it if you get a lot of this.

mac address-table aging-time 600

 makes it 10 minutes.

What really might be occuring is that the link between the switch that .39 is on and the switch that the server.firstaidandsaf is on went down or into blocking mode and the network is color storming the packet  out all interfaces except the one it came in on, and your switch is doing the same.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now