OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)

Examining How to start a Broadcast Analysis Part 1 Tony Fortunato, Sr Network Specialist The Technology Firm

Why Bother
Broadcasts can cause;
Network slowdowns
Rebooting or Frozen PC’s
Unreliable WIFI
Unpredictable application or window client performance
Extra ‘space junk’ that you need to sift through when troubleshooting
I have seen10% broadcast storm ‘lock up’ WInterms, while a 90% broadcast storm did nothing
In most cases, a broadcast or multicast packet will result in an interrupt on your PC

How
People always ask me how could 10% packet rate cause an issue.
Then I explain that we generated 2 loads with a traffic generator;
90 % broadcast rate
No noticeable issue
10 % broadcast rate
PC’s locked up or hung
Here are the number of theoretical number of packets you can generate, depending on packet size and media speed
90%, 1518 Byte packets on 100 MB link = 7,411 packets/second
10%, 64 Byte packets on 100 MB link = 19,531 packets/second
In many cases you can REDUCE broadcasts, not eliminate them

Common Networks and Related Issues
In some cases the math may reveal or explain some of your current issues
I still see many flat networks, everything on the same VLAN
There should be separate VLANS for minimally each technology

Sources of Broadcasters
Anything default protocol settings will send out extra broadcast or multicast packets
Printers
PC’s
Routing Protocols
Mis-configured standard PC builds
Example of excessive protocols
IPX
LLC or NetBEUI
IPV6, if you are a V4 shop and vice versa
STP, if you are not using spanning tree
Teaming or load balancing protocols
UPNP
RIP
New Microsoft Peer to Peer protocols

Now what?
How can I find out if I have this problem, or clean it up?
Protocol Analyzer is the easiest tool to use.
Start a capture from an idle PC and set a Stop Capture Trigger at 8 MB
Leave the PC alone – Go for lunch you deserve it ;b
Come back, and lets review the trace file

Step 1 – What’s out there?
For most people, step 1 involves looking at the screen and yelling, “HOLY @#$$@%$”
We’ll try another approach;
Go to Statistics -> Protocol Hierarchy
The hard part of this exercise is to have an idea or guess-timate of what protocols you think should be on the network
It s discouraging when I hear the analyst grumble, ‘I don’t know what that is, but there are only a few of those packets, so lets skip them’
I would hope now that you have the trace file, you can pick away at it whenever you have a moment

Step 2 – Pick a Protocol, Any Protocol
this customer does not use IPX for anything, so this would be a good start.
In this case I know this customer does not use IPX for anything, so this would be a good start.

Step 3; Pick An Address, Any Address
This is pretty easy now, the Fluke address is their Fluke Optiview , which leaves the Lexmark mac address.
Obviously this is a printer, but what is the IP address, so I can remotely fix it?
Simply filter on the Lexmark mac address, and click on the IPV4 tab.

Step 4; FIX IT!!!
Make sure your “ limit to display filter” is checked off
The .255 ip address is just a broadcast address
Simply telnet or use a web browser to connect to the printer and clean it up
In some cases, you can forward the IP’s to another department, who can do this

Examining How to start a Broadcast Analysis Part 1 Thank You Tony Fortunato, Sr Network Specialist The Technology Firm

For additional educational videos on Open Source Network Tools, please click on the following …
http://www.lovemytool.com/blog/ostu.html
LoveMyTool.com – Community for Network Tools

http://www.lovemytool.com	273
http://www.slideshare.net	10
http://webcache.googleusercontent.com	1

OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)

by LoveMyTool on Oct 22, 2009

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 284

Statistics

OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato) — Webinar Transcript