1. How many devices do you have that are potentially causing the UDP flood?
2. Can you localise the source of the flood to a layer 2 device or a layer 3 device?
3. Can you have a look at the packet counters on suspected devices? Perhaps you can zero out the per-port metrics and check on them after a while to home in on ports with large deltas.
4. Or you can install a monitoring agent on all your devices to report on network traffic statistics.


On Wed, Jun 4, 2014 at 8:43 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
Here are some logs captured:

15h 27m 6s 1:48 Port reached saturation threshold: 98.7Mbps/98.5Mbps(99/99) >85% of 100Mbps
15h 27m 7s 1:46 Port reached saturation threshold: 613kbps/90.7Mbps(1/91) >85% of 100Mbps
15h 27m 8s 1:43 Port reached saturation threshold: 19.4Mbps/98.7Mbps(19/99) >85% of 100Mbps
15h 27m 9s 1:30 Port reached saturation threshold: 4.19Mbps/95.8Mbps(4/96) >85% of 100Mbps
15h 27m 11s 1:24 Port reached saturation threshold: 4.77Mbps/95Mbps(5/95) >85% of 100Mbps
15h 27m 12s 1:15 Port reached saturation threshold: 97.7Mbps/80.0Mbps(98/80) >85% of 100Mbps
15h 27m 14s 1:13 Port reached saturation threshold: 2.27Mbps/88.6Mbps(2/89) >85% of 100Mbps
15h 27m 15s 1:12 Port reached saturation threshold: 98.0Mbps/69.5Mbps(98/70) >85% of 100Mbps
15h 27m 23s 1:5 Port reached saturation threshold: 94.2Mbps/30.6Mbps(94/31) >85% of 100Mbps


On Wed, Jun 4, 2014 at 8:39 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
Okay, I am looking at my switch, a DGS-3100. I want to enable storm broadcast control; is 3500 Kbps a good threshold? That's the default on the device.


On Tue, Jun 3, 2014 at 1:51 PM, Okechukwu <okechukwu@gmail.com> wrote:
This is why graphing switch ports is always a good idea! Log in to the switch and check each port.

./Ok3ch


On Tue, Jun 3, 2014 at 1:03 PM, Thuo Wilson <lixton@gmail.com> wrote:

On 3 June 2014 11:27, geoffrey gitagia <ggitagia@gmail.com> wrote:
  I am suspecting I might have a device in the network causing a UDP/TCP flood. I have cleaned the PCs (antivirus) and still I seem not to be able to get the culprit, even when looking at Wireshark to check broadcasting IPs, and have eliminated the PCs. What can I do to get to the bottom of this?
Traditional method by 

  • Elimination method.
  • Narrow down to switch port (plotting ports?)


Kind Regards,
Wilson./

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke





--
GG
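
The per-port comparison suggested in the replies above can be run directly over the switch's saturation log. The Python below is an added example, not part of the thread: it uses the nine log lines posted above as input and assumes the two rates on each line are the port's two traffic directions in a fixed order (the thread does not say which is receive and which is transmit).

```python
import re

# The nine log lines posted in the thread, used here as sample input.
SAMPLE = """\
15h 27m 6s 1:48 Port reached saturation threshold: 98.7Mbps/98.5Mbps(99/99) >85% of 100Mbps
15h 27m 7s 1:46 Port reached saturation threshold: 613kbps/90.7Mbps(1/91) >85% of 100Mbps
15h 27m 8s 1:43 Port reached saturation threshold: 19.4Mbps/98.7Mbps(19/99) >85% of 100Mbps
15h 27m 9s 1:30 Port reached saturation threshold: 4.19Mbps/95.8Mbps(4/96) >85% of 100Mbps
15h 27m 11s 1:24 Port reached saturation threshold: 4.77Mbps/95Mbps(5/95) >85% of 100Mbps
15h 27m 12s 1:15 Port reached saturation threshold: 97.7Mbps/80.0Mbps(98/80) >85% of 100Mbps
15h 27m 14s 1:13 Port reached saturation threshold: 2.27Mbps/88.6Mbps(2/89) >85% of 100Mbps
15h 27m 15s 1:12 Port reached saturation threshold: 98.0Mbps/69.5Mbps(98/70) >85% of 100Mbps
15h 27m 23s 1:5 Port reached saturation threshold: 94.2Mbps/30.6Mbps(94/31) >85% of 100Mbps
"""

# Assumption: the two rates are the port's two directions in a fixed order;
# the thread does not say which one is receive and which is transmit.
LINE = re.compile(
    r"(?P<port>\d+:\d+) Port reached saturation threshold: "
    r"(?P<a>[\d.]+)(?P<au>[kMG]bps)/(?P<b>[\d.]+)(?P<bu>[kMG]bps)"
    r"\(\d+/\d+\) >(?P<pct>\d+)% of (?P<link>[\d.]+)(?P<lu>[kMG]bps)"
)
MBPS = {"kbps": 0.001, "Mbps": 1.0, "Gbps": 1000.0}

def peak_rates(text):
    """Return {port: [peak_first, peak_second, threshold]} in Mbps."""
    peaks = {}
    for m in LINE.finditer(text):
        first = float(m["a"]) * MBPS[m["au"]]
        second = float(m["b"]) * MBPS[m["bu"]]
        limit = float(m["link"]) * MBPS[m["lu"]] * int(m["pct"]) / 100
        old = peaks.get(m["port"], [0.0, 0.0, limit])
        peaks[m["port"]] = [max(old[0], first), max(old[1], second), limit]
    return peaks

def group_ports(text):
    """Group ports by which logged direction peaked above the threshold."""
    groups = {"both": [], "first_only": [], "second_only": []}
    for port, (first, second, limit) in peak_rates(text).items():
        if first > limit and second > limit:
            groups["both"].append(port)
        elif first > limit:
            groups["first_only"].append(port)
        elif second > limit:
            groups["second_only"].append(port)
    for ports in groups.values():
        ports.sort(key=lambda p: tuple(int(n) for n in p.split(":")))
    return groups
```

A small group of ports whose only saturated direction differs from that of most other ports is the place to start checking. Confirm in the switch documentation which of the two rates is receive before acting on the grouping.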



