NETWORKING

  • 11/18/2015
    8:30 AM

Network Troubleshooting: Broadcast Analysis 101

In this video, Tony Fortunato demonstrates how packet capture analysis can uncover network misconfigurations and other problems.

When I'm working at a client site, I always start a packet capture -- with the client's permission of course -- and stop after approximately 1,000 packets. Then I review the various protocols and services sent out on the wire by any network-connected device. I will see packets from clients, servers, phones, printers, switches, routers, and other devices. I do not need a tap or mirror/SPAN port to do this broadcast analysis.

By analyzing this traffic, I can make suggestions to clean up "space junk" (all those unnecessary packets) floating around the network. The benefits of going through this exercise are many. For example, you will have fewer packets to sift through when performing network troubleshooting. In some cases, it will be easy to pinpoint problems. In extreme cases, I have seen standard configurations cause broadcast storms that were easily fixed by cleaning up the desktop standard configuration. In other cases, I have found problems such as misconfigured load balancing and misconfigured IP helper addresses.

I encourage you to take a quick sample of your network traffic and give it a try.  You will be surprised at what you find.

In this video, I cover STP, LLDP, CDP, NTP, LLMNR, IPv6 and SSDP, what they look like in your trace, and what to do when you come across them. I also discuss how you can streamline your analysis by leveraging the Protocol Hierarchy and Endpoint report features in Wireshark. If you are using another protocol analyzer, poke around and you should find similar reports.
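A rough stand-in for the Protocol Hierarchy view, as an added example that is not from the article or the video: it labels raw Ethernet frames by the protocols named above using their standard destination MACs, EtherTypes and UDP ports, and counts only broadcast/multicast frames, which is what an ordinary switch port sees without a tap. The function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

UDP_PORTS = {123: "NTP", 1900: "SSDP", 5355: "LLMNR"}
STP_MAC, CDP_MAC = bytes.fromhex("0180c2000000"), bytes.fromhex("01000ccccccc")

def classify(frame: bytes) -> str:
    """Name the protocol in one raw Ethernet frame (802.1Q tags not handled)."""
    dst, etype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if etype == 0x88CC:
        return "LLDP"
    if etype <= 1500:  # 802.3 length field, so an LLC header follows
        if dst == STP_MAC and frame[14:16] == b"\x42\x42":
            return "STP"
        if dst == CDP_MAC and frame[20:22] == b"\x20\x00":  # SNAP PID 0x2000
            return "CDP"
        return "other"
    if etype == 0x0800:    # IPv4: header length is the low nibble of byte 14
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    elif etype == 0x86DD:  # IPv6: fixed 40-byte header, extension headers not walked
        proto, l4 = frame[20], 54
    else:
        return "other"
    default = "IPv6" if etype == 0x86DD else "other"
    if proto == 17 and len(frame) >= l4 + 4:  # UDP: match well-known ports
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        return UDP_PORTS.get(dport) or UDP_PORTS.get(sport, default)
    return default

def tally(frames):
    """Count only group-addressed (broadcast/multicast) frames, per protocol."""
    return Counter(classify(f) for f in frames if f[0] & 1)

# Constructed sample frames (not from a real capture); the source MAC is made up.
def eth_frame(dst, etype, payload):
    return bytes.fromhex(dst) + bytes.fromhex("020000000001") + struct.pack("!H", etype) + payload
def udp_frame(dst, dport, v6=False):
    hdr = b"\x60" + bytes(5) + b"\x11\x01" + bytes(32) if v6 else b"\x45" + bytes(8) + b"\x11" + bytes(10)
    return eth_frame(dst, 0x86DD if v6 else 0x0800, hdr + struct.pack("!HHHH", 50000, dport, 8, 0))
SAMPLE = [
    eth_frame("0180c2000000", 38, b"\x42\x42\x03" + bytes(35)),                      # STP BPDU
    eth_frame("01000ccccccc", 30, b"\xaa\xaa\x03\x00\x00\x0c\x20\x00" + bytes(22)),  # CDP
    eth_frame("0180c200000e", 0x88CC, bytes(46)),                                    # LLDP
    udp_frame("01005e7ffffa", 1900), udp_frame("01005e7ffffa", 1900),                # SSDP x2
    udp_frame("01005e0000fc", 5355), udp_frame("333300010003", 5355, v6=True),       # LLMNR v4, v6
    eth_frame("333300000001", 0x86DD, b"\x60" + bytes(5) + b"\x3a\xff" + bytes(40)), # ICMPv6
    udp_frame("ffffffffffff", 123), udp_frame("020000000002", 443),  # broadcast NTP; unicast
]
if __name__ == "__main__":
    print(tally(SAMPLE).most_common())
```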


Comments

Efficiency Saves Capital

Turning off services that are not required will always save capital for the consumer and enterprise. For instance, if a laptop has just been purchased or the user has been utilizing it for around 6 months, it is a good idea to go into msconfig to disable the services and startup items that are not required. A few clicks can be substituted with a user's request to upgrade the RAM to 8GB. The same applies to the network.

Re: Efficiency Saves Capital

Very well written, and I couldn't have said it any better myself.

Re: Efficiency Saves Capital

A number of organizations prefer to keep default configuration settings. This leaves all switches in the environment using the default root bridge priority of 32768. If all switches have the same root bridge priority, the switch with the lowest MAC address will be elected as the root bridge.

Re: Efficiency Saves Capital

Exactly. Thanks.

Re: Efficiency Saves Capital

Agreed, default settings should be viewed as operational settings, not as optimum settings. There have been reports of businesses that have left passwords at their default values; needless to say, after a few months these have turned into huge security issues. Like you said, I feel it would be good if default settings are given a second viewing.