best method to detect offending NIC (slow network)

best method to detect offending NIC (slow network)

Post by gaius.petroni » Wed, 06 Mar 2002 20:09:05



(Linux Mandrake)

What's the best method to detect an offending NIC that is causing a
broadcast storm on the network?

At the moment i am using tcpdump and filtering the output through a
series of egrep counts.  i think there must be a better way than this.
 The ip addresses with the largest number of requests then become my
prime suspects.  is there a more logical approach, or a better tool
that runs on Linux?

 
 
 

best method to detect offending NIC (slow network)

Post by Michael Heimin » Wed, 06 Mar 2002 20:33:13



Quote:> (Linux Mandrake)

> What's the best method to detect an offending NIC that is causing
> a broadcast storm on the network?

> At the moment i am using tcpdump and filtering the output through
> a
> series of egrep counts.  i think there must be a better way than
> this.
>  The ip addresses with the largest number of requests then become
>  my
> prime suspects.  is there a more logical approach, or a better
> tool that runs on Linux?

Try 'man tcpdump', is has lots of filters builtin, you just need to
turn on. Or try 'ethereal' it has a GUI.

Michael Heiming
--
Remove the +SIGNS case mail bounces.

 
 
 

best method to detect offending NIC (slow network)

Post by Tauno Voipi » Wed, 06 Mar 2002 22:11:02



Quote:> (Linux Mandrake)

> What's the best method to detect an offending NIC that is causing a
> broadcast storm on the network?

> At the moment i am using tcpdump and filtering the output through a
> series of egrep counts.  i think there must be a better way than this.
>  The ip addresses with the largest number of requests then become my
> prime suspects.  is there a more logical approach, or a better tool
> that runs on Linux?

If it is a broadcast storm, you could direct tcpdump to listen to the
broadcast address only.

Tauno Voipio

 
 
 

best method to detect offending NIC (slow network)

Post by a.. » Sat, 09 Mar 2002 09:49:40




Quote:>(Linux Mandrake)

>What's the best method to detect an offending NIC that is causing a
>broadcast storm on the network?

>At the moment i am using tcpdump and filtering the output through a
>series of egrep counts.  i think there must be a better way than this.
> The ip addresses with the largest number of requests then become my
>prime suspects.  is there a more logical approach, or a better tool
>that runs on Linux?

ntop might be useful to you.
http://www.ntop.org/ntop.html

Richard

 
 
 

1. Best mount method for slow connection

What is the best way to mount a NFS share over a relativly slow
connection. Currently we use the automounter for mounts at our local
facility, but we will be moving a few of the Ultra 10's to another
facility in the WAN. These boxes will still need to mount a NFS share.
Ping response times with 32bytes of data is 100-200ms to that part of
the WAN.

Thanks for the suggestions in advance.
Jarrett Jones

2. HELP! Fat cache corruption message!

3. Network load sharing - best method?

4. Sorting a array

5. Detect if a NIC is attached to a network and reconfigure using DHCP

6. what damage will be caused by accidentally doing this

7. How to specify/detect an NIC when using two or more NIC

8. random hangs w/ Linux 2.0.3[04], AHA-1520B, Sony 7000 DDS2

9. NIC slow/network tools

10. Help - Slow Network - What NIC ?

11. Standard Method of Handling/Detecting Out of Virtual Memory condition

12. Cheap method to detect if dsl signal is on line!

13. Slow network traffic, (connecting 2 server is slow)