Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
March 25, 2006, 2:52 pm
rate this thread
Today i faced a weired problem in network.
I have Current network
1 * D Link Switch 16ports(10/100/1000)
| | |
| | |
| | |
6 * Dlink 24port (10/100) with
2(10/100/1000) Uplink Ports
I saw all my ports in all switch are blinking very badly.
We monitor them regularly but today i think the traffic was more or may
be network storm
All Network Computers was not able to access any resources on same
network or Internet.
They were not able to ping eachother.
I took folllowing steps to clean this situation.
1. Unplugged Switches from backbone Switch ie(D Link Switch
2. All switch ports lights were stable then.
3. Plugged them in one by one.
4. After 5 switch in last one when I plugged it again all switches
5. I unpluged 6th switch and all are stable again.
6.But 6th switch switch was still badly blinking.
7. I then removed one by one patchcord from 6th switch.
8. After removing from interface 7th and 8th, ,Suddenly switch started
9. And then i plugged it in Uplink port and HURREY all things are
I think Then machines on 6th Switch 7th and 8th switchport are effected
from Virus or spyware.
What do you all say .
And if agreed with me please provide me some solution to clean such
virus, and to control network storms.
I have seen similar problems caused by....
A faulty network card on a PC
Faulty switch ports/other switch faults.
Network devices with incorrect settings (e.g. multicast/other unused
protocols on network printers)
Someone running a 10KV cable next to data lines (any building work done
A paranoid (paranoid is good) initial step may to be to inspect each
machine on the offending segment for malware (takes about 5 min per PC)
A good way forward is to run Ethereal.com or other packet sniffer and
try and determine the source, tho by standard you will only see
broadcast traffic on a switch unless you use an inline ethernet sniffer
jig. And if a broadcast storm is occurring
If the problem occurs on switch 6 when it isn't linked to the other
switches, the problem is isolated to that switch, so unplugging one by
one should isolate it to a device.
If the problem only occurs when linked to other switches, link it to
another switch (try it with a spare, not the rest of your network) there
is possibly a fault on the source/target ports.
i.e. disconnect sw8, sw7 and sw8
link sw6 to spare, does prob occur, disconnect
repeat for sw7 and sw8.
Try with spare switch linking to sw5 (or wherever sw6 was going) to
isolate the target port on sw5.
Has any new equipment been connected?
Strangely enough I saw a very similar problem with new PC's recently.
For some reason the new PC's that went in were generating garbage
traffic causing a switchport (uplinked) to overload. Solution was to
drop the MTU on the new PC's from 1500 to 1460 and force the cards to
100mbit full duplex rather than auto detect.
I have seen Intel VE NIC's cause this and other weird problems as well.
There is just something odd about those cards. JMO.
Ubfortunately this sort of problem can be hard to diagnose, esp if it is
infrequent and random and you have 8 switches worth of users screaming
at you to "just fix it now"
Good luck, and be prepared for an oddball cause ;-)
- » OT: An attempt to learn from a malicious attack by an internet cracker.
- — Next thread in » General Computer Security
- » Is Cybercrime Taking the Lead in Profit Margin for Criminals?
- — Previous thread in » General Computer Security