• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

random broadcast storms

Scheduled Pinned Locked Moved L2/Switching/VLANs
5 Posts 3 Posters 665 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    pfsenseuser2020
    last edited by Oct 9, 2020, 9:09 PM

    hi
    i have 2 pfsense in a vmware environment, in a cluster.
    it's been working for over a year now. a few months ago, a random broadcast storms has started to appear. currently they are on the latest version. i've already re-installed the main unit to exclude any software problem, but something is still doing the storms. in order to "escape" the problem when it occurs, i'm restarting the main unit, clear the storm from the physical switches and the problem goes away until the next time. it happens on average 1-2 times in a 2 week time frame. different time each occurrence. how can i detect it when it happens? maybe a monitor i can use? a log i can search?

    thank you

    1 Reply Last reply Reply Quote 0
    • K
      kiokoman LAYER 8
      last edited by Oct 9, 2020, 10:30 PM

      switchports begin to spew out broadcast traffic onto the network when there is a hardware failure,
      a defected network card inside a pc was able to take down my network once,
      loops in switch ..
      packet capture or Wireshark can help you when you see broadcast storm

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 0
      • P
        pfsenseuser2020
        last edited by Oct 9, 2020, 11:00 PM

        thank you. i've learned that one of the hosts is doing the flood. but i can't find the cause or how to block it. this host keeps pounding packets on the broadcast of the pfsense. it's destination is 192.168.104.255:138 or 192.168.104.255:137 all the time (the pfsense is 192.168.104.254)
        is there a way to block these packets so they wont be forwarded?

        1 Reply Last reply Reply Quote 0
        • K
          kiokoman LAYER 8
          last edited by kiokoman Oct 9, 2020, 11:48 PM Oct 9, 2020, 11:44 PM

          192.168.104.255:137 / 138

          it should be netbios from windows, file and printer sharing
          a broadcast storms from that is strange
          you can disable netbios from the network card settings if you don't need it

          • Open Network Connection Properties.
          • Select TCP/IP v4.
          • list itemClick Advanced, then select the WINS tab.
          • Select 'Disable NetBIOS over TCP/IP'.
          • Click OK and reboot the computer.

          maybe malwares?

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • A
            akuma1x
            last edited by akuma1x Oct 10, 2020, 12:53 AM Oct 10, 2020, 12:45 AM

            @pfsenseuser2020 Looks like ports 137 and 138 are Netbios and/or Windows File Sharing CIFS ports. Do you maybe have a NAS or file server that's misbehaving, or infected?

            https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html

            https://forum.netgate.com/topic/83433/log-flooded-with-port-137-138-udp

            But, I agree with @kiokoman, if possible, turn it off at the host's network card.

            Jeff

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received