investigating network loops
HTML-код
- Опубликовано: 17 сен 2024
- tons of more free info at www.thetechfirm.com
----------------------------------------------------------------------------------------
Troubleshooting the most common “things are slow” complaint is one of the most difficult calls I get since there are many scenarios and variables to consider.
Root causes range from the malicious (like DDOS or viruses) to the unintentional (like equipment misconfigurations), and everything in between.
I found the most effective approach is trying to eliminate the possible root causes that are easy to prove or disprove. For example, starting up your protocol analyzer of choice connected to any port on the client VLAN could identify layer 2 loops, devices sending out a lot of broadcast multicast packets and misconfigured load balancing.
In this example, when I got the call and performed this check, I got lucky and there it was a layer 2 loop. Many analysts skip this check because they rely on Spanning Tree or Rapid Spanning Tree to prevent this from happening.
In the video below I walk you through how I figured this out and what the issue was.
Enjoy
Excellent your videos are like having a personal Network Analyst Tutor, please keep posting them.
thanks for the feedback. feel free to check out all the other stuff at my website www.thetechfirm.com
Great video 👍only just getting into wireshark as a novice, Is there a way of finding if 2 devices on the local are using the same IP address using WiFi? Thanks again and I'm definitely subscribing 😎
thanks, see if this one helps ruclips.net/video/T0SEKTuAkY8/видео.html i appreciate the subscribe and your kind words
This video cuts nicely to the quick for explaining how to detect if a loop exists - but misses a key part of the final understanding
Once you had the repeated packet, how did you figure out the physical interfaces that where causing the looped traffic?
thanks , i go through that part in my classes/presentations
@@thetechfirm Interesting, a few questions regarding your 1 day and 3 day courses
1st: what's the assumed skill level that these are presented for - For example is it targeted at those already engrained in learning network technologies who already understand how to vlan etc, or are they suitable for rolling out to up skill 1st liners who understand making use MAC and IP addresses - but not neccessarily the why of how they work
2nd: what do you consider your optimal group size for your presentations?
3rd: You list a price for the 1 day, but that seems to be absent on the 3 day course
When the Wifi is bridging back into itself how do you stop it from Looping? Do you turn it off or stop it from looping?
in this example the 2 halves of the bridge were on same vlan, so i simply configured the other side on a different vlan with those clients.
Thank you, this was interesting! Without a network sniffer such as WireShark, is it possible to determine if there's a loop? Maybe if the interfaces and the CPU shows an unusually high utilization for some time period, or by looking at the "Received... broadcasts" interface output, or the input/output rates, or something else? I'm mainly considering Cisco devices. Thanks.
Yes. Depending on the specific issue, you can look at the port counters and/or flooded packet counter
@@thetechfirm
Thank you!
@@thetechfirm
Hi again,
I've checked Todd Lammle's CCNA book and he says that when the "No buffer" and "Ignored" counters increment, that typically indicates a broadcast storm. "No buffer" means there isn't any buffer room left for incoming packets. If the buffer is full and new packets are received, the packets are discarded. The "Ignored" counter shows how many packets are dropped.
Short and sweet - subbed
Thank you for your help. What is the software name of the analyser you are using.
Wireshark. I have well over 100 videos on my channel about it
Whats the same if that application? Dope video by the way man very easy to do
thanks. i used Wireshark to analyze the packets. FYI, there are well over 500 videos on my youtube channel and tons of free info on my site www.thetechfirm.com
@@thetechfirm nah you an asset in this game
I'm assuming that you're using port mirroring for the PCAP. Is that assumption correct?
nope, in this case the looped packets were broadcast/multicast so they were on all ports
We had an incident at work where all the computers crashed all at the same time. A loop back was discovered on a un managed switch.
How long does it take for this to impact a network ?
not too sound like a consultant, but it depends on many factors, the network topology, the packet size and rate, but i can say from experience i've seen loops take anywhere from 1 minute to 20 minutes to take things down. the good news is that if yo uhave a loop you will see the packets flying 7/24.
@@thetechfirm thank you for your reply.
😊
🤟