large switched network acting up
Posted: Fri Feb 22, 2002 12:29 am
been a while since i last posted, but this one's a keeper.
my university recently upgraded their residential network to switched ethernet. ever since then i have been randomly taken off the internet, getting major packet loss at what appears to be the switch on my floor.
i determined this because when it goes down i cannot reach anything from my machine, not even machines on my switch, but at the same time a machine outside my subnet can reach everything up to my gateway (each building has its own unique gateway).
i have set up sniffing software (ethereal) and logged all packets when this occurs, with some unusual results:
1. i'm seeing random unicast packets destined for other IPs (approx 2 per 1000 packets captured) even though i'm on a switch
2. there are two IPs on my subnet that are sending out about 10-20 times more ARP traffic than any other machine on the network. (i know the IPs of the university's hardware, these are user machines)
3. i can see other machines' broadcast traffic on my subnet, but when i send out broadcasts, i get sporadic responses
does anyone have any experience with this sort of situation?
could this be the effect of something like "snarp"? i know how arp poisoning works but honestly have never seen it so i wouldn't know what to look for.
just so you know, i have contacted the network people here and they have no clue, i don't think they believe me. every time they check everything is fine but then two hours later it happens again. i have never been able to show them what happens besides the logs i kept, which they don't want to look at.
for a little background, there are about 500 users on my subnet. each connection to a room is half duplex 10T, these all go to a rack of switches linked together, and the pipe to the rest of the university network is a gigabit fiber line that we share with several other buildings. all together it sits on an OC3 to the general internet.
sorry about the length of this, any help would be great.
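Added example, not part of the original post: one way to triage ARP records exported from a capture like the one described, checking for senders far above the typical ARP rate, an IP address claimed by more than one MAC, and replies nobody asked for. The record layout, addresses, thresholds and function names are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

GW_IP, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"   # constructed gateway
NOISY, ROGUE = "02:00:00:00:00:aa", "02:00:00:00:00:bb"

def build_sample():
    """Constructed records: (time_s, op, sender_mac, sender_ip, target_ip)."""
    recs = []
    for h in range(1, 9):                      # 8 ordinary hosts
        mac, ip = f"02:00:00:00:01:{h:02x}", f"192.0.2.{h + 10}"
        recs.append((h * 10.0, "request", mac, ip, GW_IP))
        recs.append((h * 10.0 + 0.01, "reply", GW_MAC, GW_IP, ip))
        recs.append((h * 10.0 + 5, "request", mac, ip, GW_IP))
    for i in range(40):                        # one host sweeping the subnet
        recs.append((100.0 + i, "request", NOISY, "192.0.2.50",
                     f"192.0.2.{100 + i}"))
    for i in range(3):                         # replies claiming the gateway IP
        recs.append((200.0 + i, "reply", ROGUE, GW_IP, "192.0.2.11"))
    return recs

def heavy_arp_senders(records, factor=10):
    """MACs sending at least `factor` times the median per-host ARP count."""
    counts = Counter(r[2] for r in records)
    base = median(counts.values())
    return {mac: n for mac, n in counts.items() if n >= factor * base}

def ip_claimed_by_multiple_macs(records):
    """IPs that appear as ARP sender address under more than one MAC."""
    seen = defaultdict(set)
    for _, _, mac, ip, _ in records:
        seen[ip].add(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

def unsolicited_replies(records, window=2.0):
    """Replies for an IP that no request targeted in the last `window` s."""
    last_request, flagged = {}, []
    for t, op, mac, ip, target in sorted(records):
        if op == "request":
            last_request[target] = t
        elif t - last_request.get(ip, float("-inf")) > window:
            flagged.append((t, mac, ip))
    return flagged

if __name__ == "__main__":
    recs = build_sample()
    print("heavy senders:", heavy_arp_senders(recs))
    print("ip/mac conflicts:", ip_claimed_by_multiple_macs(recs))
    print("unsolicited replies:", unsolicited_replies(recs))
```

A high ARP request rate on its own only shows a host asking about many addresses; the IP-to-MAC conflict and the unsolicited replies are the checks that point at spoofed ARP.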