Netgate Discussion Forum

    random broadcast storms

    L2/Switching/VLANs
    5 Posts 3 Posters 664 Views
      pfsenseuser2020

      Hi,
      I have 2 pfSense in a VMware environment, in a cluster.
      It's been working for over a year now. A few months ago, random broadcast storms started to appear. Currently they are on the latest version. I've already re-installed the main unit to exclude any software problem, but something is still doing the storms. In order to "escape" the problem when it occurs, I'm restarting the main unit and clearing the storm from the physical switches, and the problem goes away until the next time. It happens on average 1-2 times in a 2 week time frame, at a different time each occurrence. How can I detect it when it happens? Maybe a monitor I can use? A log I can search?

      Thank you

        kiokoman LAYER 8

        Switchports begin to spew out broadcast traffic onto the network when there is a hardware failure,
        a defective network card inside a PC was able to take down my network once,
        loops in switch ..
        Packet capture or Wireshark can help you when you see a broadcast storm

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          pfsenseuser2020

          Thank you. I've learned that one of the hosts is doing the flood, but I can't find the cause or how to block it. This host keeps pounding packets on the broadcast of the pfSense. Its destination is 192.168.104.255:138 or 192.168.104.255:137 all the time (the pfSense is 192.168.104.254).
          Is there a way to block these packets so they won't be forwarded?

            kiokoman LAYER 8

            192.168.104.255:137 / 138

            It should be NetBIOS from Windows, file and printer sharing.
            A broadcast storm from that is strange.
            You can disable NetBIOS from the network card settings if you don't need it:

            • Open Network Connection Properties.
            • Select TCP/IP v4.
            • Click Advanced, then select the WINS tab.
            • Select 'Disable NetBIOS over TCP/IP'.
            • Click OK and reboot the computer.

            Maybe malware?

              akuma1x

              @pfsenseuser2020 Looks like ports 137 and 138 are NetBIOS and/or Windows File Sharing CIFS ports. Do you maybe have a NAS or file server that's misbehaving, or infected?

              https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html

              https://forum.netgate.com/topic/83433/log-flooded-with-port-137-138-udp

              But, I agree with @kiokoman, if possible, turn it off at the host's network card.

              Jeff
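
An added example, not part of the thread: one way to answer the "how can I detect it" question from a packet capture is to count, per source host, how many packets hit the subnet broadcast address on UDP 137/138 within a sliding window. It reads only the timestamp and address fields of `tcpdump -tt -n` text output; the sample lines, the flooding host 192.168.104.57 and the 100 packets-per-second threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Matches `tcpdump -tt -n` text output, e.g.
# 1700000000.000100 IP 192.168.104.57.138 > 192.168.104.255.138: UDP, length 201
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def peak_broadcast_rates(lines, broadcast, ports=(137, 138), window=1.0):
    """Return {source_ip: peak packets seen in any `window` seconds} for
    packets sent to `broadcast` on one of `ports`."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != broadcast or int(m["dport"]) not in ports:
            continue              # non-IP lines (ARP etc.) and other traffic
        ts, q = float(m["ts"]), recent[m["src"]]
        q.append(ts)
        while ts - q[0] >= window:   # drop timestamps older than the window
            q.popleft()
        peak[m["src"]] = max(peak[m["src"]], len(q))
    return dict(peak)

def storm_sources(lines, broadcast, threshold, **kw):
    """Sources whose peak rate exceeds `threshold` packets per window."""
    rates = peak_broadcast_rates(lines, broadcast, **kw)
    return {src: n for src, n in rates.items() if n > threshold}

def sample_capture():
    """Constructed capture: .57 floods port 138, .20 announces normally."""
    out = []
    for i in range(500):   # 500 packets in 0.5 s from one host
        out.append(f"{1700000000 + i * 0.001:.6f} IP 192.168.104.57.138 > "
                   "192.168.104.255.138: UDP, length 201")
    for i in range(3):     # one packet every 10 s from a healthy host
        out.append(f"{1700000000 + i * 10:.6f} IP 192.168.104.20.137 > "
                   "192.168.104.255.137: UDP, length 50")
    out.append("1700000001.000000 ARP, Request who-has 192.168.104.1 "
               "tell 192.168.104.20, length 46")
    return out

if __name__ == "__main__":
    hits = storm_sources(sample_capture(), "192.168.104.255", threshold=100)
    for src, n in hits.items():
        print(f"{src}: {n} broadcast packets in a 1 s window")
```

The threshold has to be tuned against a capture taken while the network is healthy, since normal NetBIOS name and browser announcements also go to the broadcast address.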

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.