Re: tracking down source/cause of garbage packets
From: Barry Margolin (barry.margolin_at_level3.com)
Date: Thu, 09 Oct 2003 19:44:36 GMT
In article <email@example.com>,
jonathan <firstname.lastname@example.org> wrote:
>Our network has been having difficulties; and using iris (a windows
>tool) we are seeing tons of packets that:
>a) don't have a valid mac address
>b) don't have valid IP addresses on either the sending or receiving
>c) that have frames of either '---' (not valid) or 802.3
>d) that have either the 'spanning tree' or 'SNAP' or '---' protocol
>i.e., they are basically dummies that are clogging our network. Any clue what
>might be causing this? Can a program (virus, etc.) spoof MAC addresses as
>well as IP? How would people go about tracking them down?
I'm sure it's possible, but probably harder to accomplish. And sending
totally invalid frames is probably very difficult, since this should be
handled at a low level by the NIC.
With the wide variety of problems you're seeing, I'd suspect a hardware
problem rather than software. Maybe a bad hub or switch.
--
Barry Margolin, email@example.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
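
One way to triage a capture like the one described in this thread, as an added example that is not from either poster: it separates well-formed 802.3/LLC frames (spanning tree BPDUs, SNAP) from frames whose header fields cannot be valid, and counts the latter per claimed source MAC. The function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

STP_DST = bytes.fromhex("0180c2000000")  # IEEE bridge group address used by BPDUs

def classify(frame: bytes):
    """Return (framing, protocol, problems) for one raw Ethernet frame without FCS."""
    if len(frame) < 14:
        return "---", "---", ["shorter than an Ethernet header"]
    dst, src = frame[:6], frame[6:12]
    (type_len,) = struct.unpack("!H", frame[12:14])
    problems = []
    if src[0] & 0x01:  # group bit is only legal in destination addresses
        problems.append("source MAC has the group bit set")
    if src == bytes(6):
        problems.append("source MAC is all zeros")
    if type_len >= 0x0600:  # EtherType: Ethernet II framing
        names = {0x0800: "IPv4", 0x0806: "ARP"}
        return "Ethernet II", names.get(type_len, f"0x{type_len:04x}"), problems
    if type_len > 1500:  # 1501..1535 is neither a length nor an EtherType
        return "---", "---", problems + ["length/type field in undefined range"]
    llc = frame[14:]
    if type_len > len(llc):
        problems.append("802.3 length exceeds captured payload")
    if len(llc) < 3:
        return "802.3", "---", problems + ["no LLC header"]
    if llc[:2] == b"\x42\x42":  # LLC DSAP/SSAP 0x42: spanning tree BPDU
        if dst != STP_DST:
            problems.append("BPDU not addressed to 01:80:c2:00:00:00")
        return "802.3", "spanning tree", problems
    if llc[:2] == b"\xaa\xaa":  # LLC DSAP/SSAP 0xAA: SNAP header follows
        return "802.3", "SNAP", problems
    return "802.3", f"LLC dsap=0x{llc[0]:02x}", problems

def suspects(frames):
    """Count problem frames per claimed source MAC."""
    hits = Counter()
    for f in frames:
        if classify(f)[2]:
            hits[f[6:12].hex(":")] += 1
    return hits

# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("001122334455")
BPDU = STP_DST + SRC + struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35)
SNAP = bytes.fromhex("01000ccccccc") + SRC + struct.pack("!H", 8) + bytes.fromhex("aaaa0300000c2000")
JUNK = bytes(6) + b"\xff" * 6 + struct.pack("!H", 1518) + bytes(46)

if __name__ == "__main__":
    for name, f in (("BPDU", BPDU), ("SNAP", SNAP), ("JUNK", JUNK)):
        print(name, classify(f))
    print(suspects([BPDU, SNAP, JUNK, JUNK]))
```

If the per-source counts spread across many unrelated or impossible addresses rather than one host, that points at corruption on a shared segment or device more than at a single sender.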