| View previous topic :: View next topic |
| Author |
Message |
meyerm
Veteran
Joined: 27 Jun 2002
Posts: 1311
Location: Munich / Germany
|
 Posted: Wed Mar 12, 2003 1:20 am Post subject: strange packets on eth0 |
 |
|
Hi there,
I've catched some packets with tcpdump on my eth0. But I just don't know what that is. It looks like some kind of switch traffic. But why is it almost flodding me (at least once per second)?! Is there anybody who could explain it to me?
| Code: | | 02:14:54.924007 802.1d config 8000.00:03:e3:e1:17:00.8013 root 8000.00:03:6b:78:14:80 pathcost 38 age 2 max 20 hello 2 fdelay 15 |
Thanks,
Marcel
PS: Neither the first nor the second hex-number in the message is my MAC. Perhaps a switch?! Well, I dont' know... |
|
| Back to top |
|
 |
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Wed Mar 12, 2003 1:38 am Post subject: STP |
|
|
It's spanning tree, a protocol switches use to make path decisons. Most likely STP is active on the switches and one is plugged into a hub which is blasting it across all ports.
You should not mess with STP unless your layer 2 skills are up to par. It's quite easy with an organicly built network to blow it to hell. Not that I've ever done such... nope not me.
If the chattiness is a problem you may want to look at cleaning up your internal arch, making some decisions on where you need STP, etc.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
meyerm
Veteran
Joined: 27 Jun 2002
Posts: 1311
Location: Munich / Germany
|
| Posted: Wed Mar 12, 2003 2:05 am Post subject: |
|
|
Oh, cool. Thanks. Indeed, I question if this is needed. At least not every 2 seconds (hello time), the network consists of approx. 100 computers with almost no changes.
Since I'm new here in this network, I don't have any clue about the architecture. But I saw quite a few ciscos down there; I managed to get around administrating switches and co. until now *g* Well, it looks like the times are over and I have to read docs... 
What would you suggest? Try to clean up the traffic or better not touch anything (you know "changing running systems" and so...  ).
Thanks,
Marcel |
|
| Back to top |
|
|
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Wed Mar 12, 2003 2:23 am Post subject: |
|
|
| meyerm wrote: |
What would you suggest? Try to clean up the traffic or better not touch anything (you know "changing running systems" and so... ).
|
If you aren't having problems and don't need new functionailty don't touch anything is the cardinal rule of networking... and probably most technology 
Most cases consist of 4-5 "good" switches that were purchased recently and 10-20 "bad" switches or hubs that are forming the core of the network. The trick is the make the new switches the core and hang the old switches off them. If you do that there should never be more than 3 or 4 network devices between users rather than the 5 to 9 that might be the case. The Cisco's in your case have quite a bit more control over what you broadcast, STP, VLANs, etc than older switches or hubs. With some thought you can split things up, control your broadcasts, etc.
Again this is a lengthy process and fairly easy to cause an outage in a multivendor situation. If you're not seeing definite problems I'd stay away from it.  Or opt for a gradual switchover.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.
Last edited by kashani on Wed Mar 12, 2003 2:31 am; edited 1 time in total |
|
| Back to top |
|
|
meyerm
Veteran
Joined: 27 Jun 2002
Posts: 1311
Location: Munich / Germany
|
| Posted: Wed Mar 12, 2003 2:28 am Post subject: |
|
|
| kashani wrote: | | Again this is a lengthy process and fairly easy to cause an outage in a multivendor situation. If you're not seeing definite problems I'd stay away from it. Or opt for a gradual switchover. |
OK, you're probably right. As long as nobody complains and gets his/her email I will let it pollute the net
Thanks,
Marcel |
|
| Back to top |
|
|
snis
Tux's lil' helper
Joined: 03 Mar 2003
Posts: 93
Location: Stockholm, Sweden
|
| Posted: Wed Mar 12, 2003 9:47 am Post subject: |
|
|
As Kashani say, Never touch anything that's working.
On the other hand...
STP's primary use is to detect loops in your network, when a loop is dectected it blocks a port to stop the loop.
when a port gets active, the STP aware switch will block the port at first to see that there is no possible loop, this can be abit anoying if it is an edge port.
If you now for sure that there is no loops in your network.
and that the physical (layer1) network connections isn't handled by the common employee...
then you can safely disable STP in your switches.
Cisco is a product that has as much features turned on by default as possible. |
|
| Back to top |
|
|
meyerm
Veteran
Joined: 27 Jun 2002
Posts: 1311
Location: Munich / Germany
|
| Posted: Wed Mar 12, 2003 1:04 pm Post subject: |
|
|
| snis wrote: | If you now for sure that there is no loops in your network.
and that the physical (layer1) network connections isn't handled by the common employee... then you can safely disable STP in your switches. |
Hmm, since the relevant network is in a dormitory, there is no danger that anybody changes the wiring (ok, it's almost only concealed cabling ).
I think I will search for a deeper STP documentation on the cisco homepage and start becoming acquainted with those cisco-switches at first bevor even firing up telnet
Thank you both for your informations.
Marcell |
|
| Back to top |
|
|
|
Networking & Security
