Re: tracking down source/cause of garbage packets

• Previous message: jonathan: "tracking down source/cause of garbage packets"
• In reply to: jonathan: "tracking down source/cause of garbage packets"
• Next in thread: bz: "Re: tracking down source/cause of garbage packets"
• Reply: bz: "Re: tracking down source/cause of garbage packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 09 Oct 2003 19:44:36 GMT

In article <f05e664d.0310091140.43023807@posting.google.com>,
jonathan <ttyp32000@yahoo.com> wrote:
>hey all,
>
>Our network has been having difficulties; and using iris (a windows
>tool) we are seeing tons of packets that:
>
>a) don't have a valid mac address
>b) don't have valid IP addresses on either the sending or receiving
>end.
>c) that have frames of either '---' (not valid) or 802.3
>d) that have either the 'spanning tree' or 'SNAP' or '---' protocol
>
>ie, they are basically dummies that are clogging our network. Any clue
>on what
>might be causing this? Can a program (virus, etc) spoof mac addresses
>as
>well as IP? How would people go about tracking them down?

I'm sure it's possible, but probably harder to accomplish. And sending
totally invalid frames is probably very difficult, since this should be
handled at a low level by the NIC.

With the wide variety of problems you're seeing, I'd suspect a hardware
problem rather than software. Maybe a bad hub or switch.

-- 
Barry Margolin, barry.margolin@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

• Previous message: jonathan: "tracking down source/cause of garbage packets"
• In reply to: jonathan: "tracking down source/cause of garbage packets"
• Next in thread: bz: "Re: tracking down source/cause of garbage packets"
• Reply: bz: "Re: tracking down source/cause of garbage packets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]