
How to detect Multicast traffic flooding a switched network

Multicast traffic, especially the traffic generated by Microsoft's NLB Cluster, can flood the network even if it is a switched network. Network engineers will often feel the switches are acting like a classic hub, completely defeating the purpose of a switched network. Microsoft intentionally designed NLB Cluster this way to achieve load balancing and fast delivery of, or response to, the network traffic handled by its load balancers.

To track or detect the symptoms you will have to trace network packets on the network from any port. This can be done using Wireshark on Windows and snoop on Solaris Unix systems.

The packet trace is usually carried out on one of the network interfaces connected to the VLAN or network in question. The example below uses the Unix snoop command, along with a few other commands to determine what is required.

$ bash # access the Bash Shell
$ ifconfig -a # list the interface details and write down the interface you want to investigate.

Now we are going to run snoop on one of the interfaces we want to investigate (-d selects the interface).

snoop -d e1000g -v arp > /tmp/e1000g.txt 2>&1

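If you have more than one interface you may have to run the commands below at the same time. The first snoop runs in the background, so stop it separately (for example with kill %1) when you are done.

snoop -d e1000g1 -v arp > /tmp/e1000g1.txt 2>&1 & snoop -d e1000g2 -v arp > /tmp/e1000g2.txt 2>&1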

Stop the capture using Ctrl+C or Break and inspect the output files to find any multicast packets.

You can also run the command below to see the live traffic, filtered on the word multicast.
snoop -d e1000g -v arp | grep multicast

First you will have to ensure that the suspected IP addresses are actually being resolved through ARP while you run the trace. If their entries have already been learned, they may not appear in the ARP trace.

List the ARP entries using the following command.
arp -an | egrep "192.168.0.1|192.168.1|etc"

To delete specific ARP entries, use the commands below.
arp -d 192.168.0.10 ; arp -d "another ip address"

Now issue a ping while you are tracing the packets.
ping 192.168.0.1 ; ping 192.168.0.2   # and so on for each suspected address
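As an added example (not part of the original post), the ARP listing step can be checked automatically: the function below flags any unicast IP whose learned MAC address has the Ethernet group (multicast) bit set. The function names, the sample table and the assumed column layout (IP address in the second column, MAC address in the last) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag ARP entries that bind a unicast IP to a multicast MAC.
# Assumption: input is laid out like "arp -an" output, with the IP address
# in column 2 and the physical (MAC) address in the last column.

flag_multicast_arp() {
    awk '
    {
        mac = tolower($NF); ip = $2
        if (split(mac, o, ":") != 6) next          # headers, rulers, non-MAC
        if (mac !~ /^[0-9a-f:]+$/) next
        if (mac == "ff:ff:ff:ff:ff:ff") next       # broadcast entry
        split(ip, q, ".")
        if (q[1] + 0 < 1 || q[1] + 0 >= 224) next  # keep unicast IPs only
        # Group bit = lowest bit of the first octet, i.e. an odd last hex
        # digit. Works for "03" as well as the unpadded form "3".
        if (substr(o[1], length(o[1])) ~ /[13579bdf]/) print ip, mac
    }'
}

# Constructed sample table (not captured from a real network).
sample_arp_table() {
cat <<'EOF'
Net to Media Table: IPv4
Device   IP Address               Mask      Flags      Phys Addr
------ -------------------- --------------- -------- ---------------
e1000g0 192.168.0.1          255.255.255.255          00:14:4f:aa:bb:01
e1000g0 192.168.0.10         255.255.255.255          03:bf:c0:a8:00:0a
e1000g0 192.168.0.2          255.255.255.255          0:14:4f:aa:bb:2
e1000g0 224.0.0.0            240.0.0.0       SM       01:00:5e:00:00:00
e1000g0 192.168.0.255        255.255.255.255          ff:ff:ff:ff:ff:ff
EOF
}

# Demo on the sample; on a live host use:  arp -an | flag_multicast_arp
sample_arp_table | flag_multicast_arp
```

Entries in the 224.0.0.0/4 range and the broadcast address are skipped because a group MAC is expected there; only unicast IPs mapped to a group MAC are reported.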

More to come, however above should be sufficient for you ....
