investigating network loops
Рет қаралды 33,535
Күн бұрынtons of more free info at www.thetechfirm.com
----------------------------------------------------------------------------------------
Troubleshooting the most common “things are slow” complaint is one of the most difficult calls I get since there are many scenarios and variables to consider.
Root causes range from the malicious (like DDOS or viruses) to the unintentional (like equipment misconfigurations), and everything in between.
I found the most effective approach is trying to eliminate the possible root causes that are easy to prove or disprove. For example, starting up your protocol analyzer of choice connected to any port on the client VLAN could identify layer 2 loops, devices sending out a lot of broadcast multicast packets and misconfigured load balancing.
In this example, when I got the call and performed this check, I got lucky and there it was a layer 2 loop. Many analysts skip this check because they rely on Spanning Tree or Rapid Spanning Tree to prevent this from happening.
In the video below I walk you through how I figured this out and what the issue was.
Enjoy
@andyjarman64 2 жыл бұрын
Excellent your videos are like having a personal Network Analyst Tutor, please keep posting them.
@thetechfirm 2 жыл бұрын
thanks for the feedback. feel free to check out all the other stuff at my website www.thetechfirm.com
@mikecullen6557 Жыл бұрын
Great video 👍only just getting into wireshark as a novice, Is there a way of finding if 2 devices on the local are using the same IP address using WiFi? Thanks again and I'm definitely subscribing 😎
@thetechfirm Жыл бұрын
thanks, see if this one helps kzbin.info/www/bejne/imG2dn6Kqqaej5o i appreciate the subscribe and your kind words
@alittax Жыл бұрын
Thank you, this was interesting! Without a network sniffer such as WireShark, is it possible to determine if there's a loop? Maybe if the interfaces and the CPU shows an unusually high utilization for some time period, or by looking at the "Received... broadcasts" interface output, or the input/output rates, or something else? I'm mainly considering Cisco devices. Thanks.
@thetechfirm Жыл бұрын
Yes. Depending on the specific issue, you can look at the port counters and/or flooded packet counter
@alittax Жыл бұрын
@@thetechfirm Thank you!
@alittax Жыл бұрын
@@thetechfirm Hi again, I've checked Todd Lammle's CCNA book and he says that when the "No buffer" and "Ignored" counters increment, that typically indicates a broadcast storm. "No buffer" means there isn't any buffer room left for incoming packets. If the buffer is full and new packets are received, the packets are discarded. The "Ignored" counter shows how many packets are dropped.
@Zer0kbps Жыл бұрын
Short and sweet - subbed
@Camped_on_Dartmoor Жыл бұрын
We had an incident at work where all the computers crashed all at the same time. A loop back was discovered on a un managed switch. How long does it take for this to impact a network ?
@thetechfirm Жыл бұрын
not too sound like a consultant, but it depends on many factors, the network topology, the packet size and rate, but i can say from experience i've seen loops take anywhere from 1 minute to 20 minutes to take things down. the good news is that if yo uhave a loop you will see the packets flying 7/24.
@Camped_on_Dartmoor Жыл бұрын
@@thetechfirm thank you for your reply.
@shiiqa4945 2 жыл бұрын
Thank you for your help. What is the software name of the analyser you are using.
@thetechfirm 2 жыл бұрын
Wireshark. I have well over 100 videos on my channel about it
@21dollarsignsauce 2 жыл бұрын
When the Wifi is bridging back into itself how do you stop it from Looping? Do you turn it off or stop it from looping?
@thetechfirm 2 жыл бұрын
in this example the 2 halves of the bridge were on same vlan, so i simply configured the other side on a different vlan with those clients.
@Wranorn 6 ай бұрын
I'm assuming that you're using port mirroring for the PCAP. Is that assumption correct?
@tonyfsvids 6 ай бұрын
nope, in this case the looped packets were broadcast/multicast so they were on all ports
@petpeeve4657 Жыл бұрын
Whats the same if that application? Dope video by the way man very easy to do
@thetechfirm Жыл бұрын
thanks. i used Wireshark to analyze the packets. FYI, there are well over 500 videos on my youtube channel and tons of free info on my site www.thetechfirm.com
@petpeeve4657 Жыл бұрын
@@thetechfirm nah you an asset in this game
@bengrogan9710 Жыл бұрын
This video cuts nicely to the quick for explaining how to detect if a loop exists - but misses a key part of the final understanding Once you had the repeated packet, how did you figure out the physical interfaces that where causing the looped traffic?
@thetechfirm Жыл бұрын
thanks , i go through that part in my classes/presentations
@bengrogan9710 Жыл бұрын
@@thetechfirm Interesting, a few questions regarding your 1 day and 3 day courses 1st: what's the assumed skill level that these are presented for - For example is it targeted at those already engrained in learning network technologies who already understand how to vlan etc, or are they suitable for rolling out to up skill 1st liners who understand making use MAC and IP addresses - but not neccessarily the why of how they work 2nd: what do you consider your optimal group size for your presentations? 3rd: You list a price for the 1 day, but that seems to be absent on the 3 day course
@ElreyRayo 5 ай бұрын
😊
@thetechfirm 5 ай бұрын
🤟
@jairtzinio 2 ай бұрын
This made no sense to me
@thetechfirm 2 ай бұрын
great to hear
PuffPaw Arabic
Рет қаралды 17 МЛН