Wierd lan traffic



  • almost from past 2 months now i see a constant flow of these packest on my lan, can any1 tell me what could be causing this?

    Broadcast	Broadcast	0xffff	64	Ethernet II
    


  • ARP traffic? You've given basically no information. Post some tcpdump output or something. Anything would be more helpful than what you've posted so far.



  • here is the wireshark dump

    http://www.mediafire.com/?6ipwsfopb2or2gg

    the issue is this is constant traffic, doesn't stop at all



  • What's your LAN topology? Looks as if you may have a loop somewhere.


  • LAYER 8 Global Moderator

    Its garbage..  I would suggest you start disconnecting devices on your lan until you find out what is sending it out.



  • pfsense on alix, port one connected to isp modem, port two connected to switch and other lan devices and other additional switches connected to main switch and lan clients also on second switch, so there r almost 3 switches in a chain and lan clients connected to all 3 of them



  • Yeah, you've got either a device pumping out trash or a loop somewhere. Unplug stuff until it stops.


  • LAYER 8 Global Moderator

    I would start at the far switch and disconnect it - if stops then you know its 3rd switch or lan device connected to that switch, then start disconnecting each lan device one at a time until you find it.

    If does not stop after disconnect 3rd lan switch, move to 2 - repeat process until you find the offending device.  This should tell you what switch your connected too that is causing the problem.

    Good luck - and let us know what you find.

    Since your seeing lots of it, you should not have to disconnect for very long to see if the problem goes away.  So your outages should be minimal



  • the cable that goes from switch 2 to switch 3, when i unplug it stops so ill go check whats wrong there but i was made aware that there is a cisco wifi router connected to switch 3 but its in bridge mode with dhcp set to pfsense for relay


  • LAYER 8 Global Moderator

    Well there you go, you know its something connected to switch 3, or wireless AP or clients connected to it.

    So I would disconnect your wireless router cable that goes to switch 3 first..   If goes away now your dealing with the AP or wireless client.

    Either way you have made progress - and know its either switch 3 or something connected to it.

    edit:  If when you disconnect the wifi router cable to switch 3 it goes away..  Turn off the radio on the AP/Router - this will disconnect all the clients, and then will tell you if its the AP itself or a client.



  • issue resolved, it was the cisco router which had dhcp relay enabled, i disabled that and for for some reason those packets disappeared



  • DHCP relay shouldn't be doing anything like that. You have a deeper issue, and if it was actually serving relay requests, that's probably going to break stuff.



  • its not relaying anything, all wireless and wired clients r on same subnet so i guess nothing broke so far and the packets stopped


  • LAYER 8 Global Moderator

    But he is right, just because you setup dhcp relay you shouldn't of been seeing packets like that..  Relay of dhcp traffic sure, but not junk like what you were seeing.

    Its nice that you made the junk stop, but you might want to look into why it was doing that in the first place..  Bug in the firmware of the AP maybe..  Or you could just forget it if you have no use of dhcp relay and everything is working how you want, etc.



  • as of now its not happening, its a cisco device on the latest firmware so i have no idea what was causing but lets wait and watch for a few days to see if it happens again, if it does then might be a bug and if not then probably dhcp relay has a bug coz as rest of the features r all disabled, thanks for the help anyways


Log in to reply