1. How many devices do you have that are potentially causing the udp flood? 2. Can you localise the source of the flood to a layer 2 device or a layer 3 device? 3. Can you have a look at the packet counters on suspected devices? Perhaps you can zero out the per port metrics and check on them after awhile to home in on ports with large deltas. 4. Or you can install a monitoring agent on all your devices to report on network traffic statistics. On Wed, Jun 4, 2014 at 8:43 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
here are some logs captured
15h 27m 6s <http://10.0.0.194/> 1:48 <http://10.0.0.194/device/device=16/tab=port/port=51514/> Port reached saturation threshold: 98.7Mbps/98.5Mbps(99/99) >85% of 100Mbps 15h 27m 7s <http://10.0.0.194/> 1:46 <http://10.0.0.194/device/device=16/tab=port/port=51512/> Port reached saturation threshold: 613kbps/90.7Mbps(1/91) >85% of 100Mbps 15h 27m 8s <http://10.0.0.194/> 1:43 <http://10.0.0.194/device/device=16/tab=port/port=51509/> Port reached saturation threshold: 19.4Mbps/98.7Mbps(19/99) >85% of 100Mbps 15h 27m 9s <http://10.0.0.194/> 1:30 <http://10.0.0.194/device/device=16/tab=port/port=51496/> Port reached saturation threshold: 4.19Mbps/95.8Mbps(4/96) >85% of 100Mbps 15h 27m 11s <http://10.0.0.194/> 1:24 <http://10.0.0.194/device/device=16/tab=port/port=51490/> Port reached saturation threshold: 4.77Mbps/95Mbps(5/95) >85% of 100Mbps 15h 27m 12s <http://10.0.0.194/> 1:15 <http://10.0.0.194/device/device=16/tab=port/port=51481/> Port reached saturation threshold: 97.7Mbps/80.0Mbps(98/80) >85% of 100Mbps 15h 27m 14s <http://10.0.0.194/> 1:13 <http://10.0.0.194/device/device=16/tab=port/port=51479/> Port reached saturation threshold: 2.27Mbps/88.6Mbps(2/89) >85% of 100Mbps 15h 27m 15s <http://10.0.0.194/> 1:12 <http://10.0.0.194/device/device=16/tab=port/port=51478/> Port reached saturation threshold: 98.0Mbps/69.5Mbps(98/70) >85% of 100Mbps 15h 27m 23s <http://10.0.0.194/> 1:5 <http://10.0.0.194/device/device=16/tab=port/port=51471/> Port reached saturation threshold: 94.2Mbps/30.6Mbps(94/31) >85% of 100Mbps
On Wed, Jun 4, 2014 at 8:39 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
okay i am looking at my switch DGS-3100 , i want to enable storm broadcast control , is 3500 Kbps a good threshold ? thats the defualt on the device.
On Tue, Jun 3, 2014 at 1:51 PM, Okechukwu <okechukwu@gmail.com> wrote:
This is why graphing switch ports is always a good idea! Log in to switch and check each port
./Ok3ch
On Tue, Jun 3, 2014 at 1:03 PM, Thuo Wilson <lixton@gmail.com> wrote:
On 3 June 2014 11:27, geoffrey gitagia <ggitagia@gmail.com> wrote:
i am suspecting i might have a device in the network causing a udp/TCP flood , i have cleaned PCs (antivirus ) and still i seem not to be able to get the culprit even when looking at wireshark to check broadcasting IP's and have eliminated the PCs ,what can i do to get to the bottom of this.
Traditional method by
- Elimination method. - Narrow down to switch port (ploting ports?)
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- GG
-- GG
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke