Network congestion at about 22 minute intervals. Cause?
We have a network segment that every 22 minutes approximately gets very congested for about 10 seconds or so, causing various apps to get disconnected. We have a multiple vlan environment and only one vlan is affected. We believe it is being flooded with UDP packets. The switches are Cisco with all ports running 100 or gigabit speeds. We have about 4 servers, about 40 PC's, 7 or 8 printers, and three copiers on that segment. We usually see the issue on our network by an app that displays on a large monitor that is running on one of the PC's. The app connects to the internet and displays real-time information. What happens is there is a notification that the app has lost it's connection to the internet server. Other apps are affected at the same time. We have verified that other lan segments are not affected and the Internet connection for the affected vlan is on another segment. We need to know how to trace the source of the information. We have removed the servers and a number of the workstations for a period of time with no change in the issue.
Thanks,
Bobby
Thanks,
Bobby
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
you can use any network monitoring tool (freeware) and keep it on for capturing packets, especially when usually facing this issue, at the same time your data packet capturer will tell you huge traffic generated by the specific source.
I had an 80% similar case and was lucky to find the solution through this practice.
I had an 80% similar case and was lucky to find the solution through this practice.
Try PRTG to monitor all of the sw2itch interfaces. A simple look at the graph will tell you which port the flood is coming from.
Then you can diagnose further. Often, simply knowing which machine it is, is useful and you just have a look at that machine.
You could also set up a monitor port and use wireshark to identify the type of traffic, if as casual look at the machine in question doesn't produce results.
Then you can diagnose further. Often, simply knowing which machine it is, is useful and you just have a look at that machine.
You could also set up a monitor port and use wireshark to identify the type of traffic, if as casual look at the machine in question doesn't produce results.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I'm guessing you don't have some sort of monitoring software or tool. Get one, just as cited in previous suggestions. Wireshark would be one tool that would help immensely. Do you have managed switches? That would be another way to help you trace where the problem is (checking the ports that are members of that VLAN).
Based on what you've mentioned with guess work, did you try removing the printers? Have you also checked for any rogue devices on that network?
Based on what you've mentioned with guess work, did you try removing the printers? Have you also checked for any rogue devices on that network?
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- John (https:#a42356483)
-- Muhammad Sajjad (https:#a42356386)
-- masnrock (https:#a42356491)
-- John Hurst (https:#a42356380)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
hdhondt
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- John (https:#a42356483)
-- Muhammad Sajjad (https:#a42356386)
-- masnrock (https:#a42356491)
-- John Hurst (https:#a42356380)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
hdhondt
Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Printers and Scanners
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
To your point now: Look for incoming packet floods (ask your ISP), make sure all router devices have newest firmware, and restart these devices. That is where I would start