Skip to main content

How to detect Multicast traffic flooding a switched network

Multicast traffic specially the one generated by Microsoft's NLB Cluster can flood the network even if it is switched network. Network engineers will often feel the switches acting like a classic hub completely defeating the purpose of switched networks. Microsoft intentially did this in their NLB Cluster by design to achieve the load balancing or express delivery or response to network traffic dealt by their load balancers.

In order to track or detect symptoms you will have to trace network packets across network from any port. This can be done using Wireshark on Windows and Snoop on Solaris Unix systems.

Packet trace will usually be carried out on one of the network interface connected to VLAN or network in question. In below example we are using Unix snoop command but we would also use other commands to determine what is required.

$ bash # access the Bash Shell
$ ifconfig -a # list the interface details and write down the interface you want to investigate.

Now we are going to run the snoop on one of the interfaces we wanted to investigate.

snoop -c e1000g -v arp 2>&1 > /tmp/e1000g.txt

If you have more than one interface you may have to run below at the same time.

snoop -c e1000g1 -v arp 2>&1 > /tmp/e1000g1.txt & snoop -c e1000g2 -v arp 2>&1 > /tmp/e1000g2.txt

Break the connection using Ctrl+C or Break and inspect the output files to find any multicast packet.

You can also run below command to see the live traffic with word multicast in filter.
snoop -c e1000g -v arp | grep multicast

Initially you will have to ensure that suspected IP Addresses are resolving ARP entries while you do the trace. If they are already learned they may not appear in arp trace.

List the arp entries by using following command.
arp -an | egrep "192.168.0.1|192.168.1|etc"

In order to delete specific arp entries uses below.
arp -d 192.168.0.10 || arp -d "another ip address"

Now issue a ping while you are tracing the packets.
ping 192.168.0.1 && ping 192.168.0.2 && etc

More to come, however above should be sufficient for you ....

Popular posts from this blog

TrueCrypt on macOS X Mojave 10.14

If you have updated your macOS recently to Mojave otherwise known as verison 10.14 you may not be able to install the last version of Truecrypt in order to access your old volumes encrypted with Truecrypt software. This article will guide you to get this working on your MacOS v10.14 (Mjoave) . Download the package from  https://truecrypt.ch/downloads/  or  https://www.truecrypt71a.com/downloads/ . Find downloaded package using Finder in your HDD/Users/username/Downloads folder and will look like  TrueCrypt 7.1a Mac OS X.dmg . Open file location in Finder and open or double click on  TrueCrypt 7.1a Mac OS X.dmg . This will mount Truecrypt 7.1a and will have Truecrypt 7.1a.mpkg in it. Drag the package T rueCrypt 7.1a.mpkg and drop in your Downloads folder. From Locations in Finder you can eject your TrueCrypt mount. Now go to your Downloads location, find the file  TrueCrypt 7.1a.mpkg , right click and select Show Package Contents . Find the file Contents/distribution.di

Tools you need before you start using Terraform for orchestration infrastructure in cloud

Terraform one of the famous open source tool used for planning, deploying and maintaining infrastructure as a code and the beauty of this tool is that it works across various cloud service providers. Even though I personally like the AWS Cloudformation, it is AWS only and most probably it will always remain limited to Amazon Web Services. It has few advantages over other tools when using with AWS and will be the first to have new AWS features incorporated before other tools and APIs catch up. However if you are not limiting yourself to AWS only or have hybrid environment you may want to use a 3rd party tool compatible for all cloud infrastructures. Terraform being one of them is youngest client only tool and this article will help you setting up your desktop environment and give you understanding of how it works before you can start to code. Prerequisites: Computer running Windows, Linux, Solaris or MacOS operating system. Downloads: Download Terraform directly from the crea

Running VNC Server as a Service on Ubuntu

Method 1: VNC Server as a Service on Ubuntu desktop similar to Redhat sysconfig sudo apt-get install vncserver sudo mkdir -p /etc/sysconfig sudo touch /etc/sysconfig/vncservers sudo vi /etc/sysconfig/vncservers # Add following VNC Server instances where username and arguments are defined for each session. VNCSERVERS=" 1:user1 2:user2 3:user3 " VNCSERVERARGS[1]=" -geometry 1280x992 -depth 16 " VNCSERVERARGS[2]=" -geometry 800x600 -depth 8 " VNCSERVERARGS[3]=" -geometry 980x720 " sudo vi /etc/init.d/vncserver # Add below to the service script #!/bin/bash # # chkconfig: - 91 35 # description: Starts and stops vncserver. \ # used to provide remote X administration services. # Source function library. # . /etc/init.d/functions # Source networking configuration. # . /etc/sysconfig/network # Check that networking is up. # [ ${NETWORKING} = "no" ] && exit 0 unset VNCSERVERARGS VNC