Firewall Wizards mailing list archives

Re: RE: Sniffing out a firewall problem

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 3 Nov 2001 12:04:46 -0500 (EST)


Your earlier suggestion made it appear the NIC in question was probably 
one of those on the firewall, which is why a number of folks have
suggested just taking the simple course of action and pulling the card and
replacing.  As has been suggested, some of the cable testers on the
market, and large sites should certainly have at least one of the higher
end cable testers available, can help track down and errantsegment or NIC
about as well as any sniffer, of course we used to use them in the days
when switches were not quite an issue yet, so, things might well be more
difficult in that arena these days, it's been a long while since I worked
in the area of cabeling and installs.  A sniffer was overkill in those
days, and brought out when other avenues could not locate the source of
the problem.  Of course a sniffer might well be my first choice tool for
something like this these days.   Remember, depending upon how segmented
and or switched your network, and how those switches <if it is a switched
network> are configured, it might well take some reconfigureing of
equipment and might well be an issue of sniffer placement to help resolve
this problem.  We often found it was a laptop issue, and could easily tell
it was so when collision levels were not always present and appeared only
during certain parts of the day when those folks with laptops came into
the office.  Also, looking at the desktop support trouble ticket requests
can quickly lead one to a source of such  problems, it's ost liekly the
machine and user in question are suffering connection issues due to their
broked NIC.  It's good to have an association with the folks in the
various IT departments just for the crop ups of such issues.  And, you
might get lucky and see something in the firewall logs that could help
point you in the proper direction of the problem source here, this would
be the first place one might look.  And, as always those windows
specific protocols are known for chattiness <netbeui/netbios> and oten run
up collision levels on segments.

Thanks,

Ron DuFresne

On Fri, 2 Nov 2001, Alan Young wrote:

That is the whole point, when you have 100 plus PC's to manage, I want to
see quickly which IP number is creating all the problem before I spend hours
tearing apart a bunch of machines.

-----Original Message-----
From: Thomas Ray [mailto:thomas.ray () tcud state tx us]
Sent: Friday, November 02, 2001 9:39 AM
To: firewall-wizards () nfr com; ayoung () veros com; aryoung () veros com
Subject: RE: Sniffing out a firewall problem

There is plenty of sniffer software out there that is free. But if you
already know which NIC is causing this, why bother sniffing?
just replace
the card. that's the fastest way to fix it. if you have
multiple NIC's in
the box, replace one at a time until the problem goes away.

if the NIC is giving you a broadcast storm, it's usually
defective. it could
also possibly be the patch cable too, so yes, it won't be easy to
troubleshoot.

how would I trblshoot it?
-replace all patch cables
  if the problem goes away, you know the cause

-replace NIC's one at a time
  if the problem goes away, you know the cause

-if your problem still exists after doing the above, and you
have a large
network, it's time to start sniffing if you can't trace the
problem to a
specific system

tom

Reply-To: <ayoung () veros com>
From: aryoung () veros com (Alan Young)
To: <firewall-wizards () nfr com>
Date: Wed, 31 Oct 2001 09:46:25 -0800
Subject: [fw-wiz] Sniffing out a firewall problem.

Hi All
We have been experiencing a firewall failure due to a NIC

card that is

apparently chattering and creating an extremely high number of
excessive
collisions.

What is the best way to debug this?
We need to install a sniffer program on a PC somewhere, right?
I have checked and sniffer software appears to be very expensive?
Is there freeware that is available for Win32?

This is definitely a job for the wizards.

Alan R. Young


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Sniffing out a firewall problem Thomas Ray (Nov 03)
- RE: Sniffing out a firewall problem Alan Young (Nov 03)
  - Re: RE: Sniffing out a firewall problem Peter Lukas (Nov 03)
    - Re: RE: Sniffing out a firewall problem Ryan Russell (Nov 04)
    - RE: RE: Sniffing out a firewall problem Robert McMahon (Nov 05)
    - RE: RE: Sniffing out a firewall problem Chiman (Nov 06)
    - RE: RE: Sniffing out a firewall problem Anton (Nov 13)
    - Re: RE: Sniffing out a firewall problem Pierre-Yves BONNETAIN (Nov 09)
    - Re: RE: Sniffing out a firewall problem Peter Lukas (Nov 05)
    - RE: Sniffing out a firewall -SNORT blew up registrty Chiman (Nov 06)
  - Re: RE: Sniffing out a firewall problem R. DuFresne (Nov 03)
- <Possible follow-ups>
- Re: RE: Sniffing out a firewall problem TDyson (Nov 03)
- Re: RE: Sniffing out a firewall problem Gregory Hicks (Nov 05)
  - Re: RE: Sniffing out a firewall problem Barney Wolff (Nov 08)
- RE: RE: Sniffing out a firewall problem Carl Friedberg (Nov 09)
  - Re: RE: Sniffing out a firewall problem Stephane Nasdrovisky (Nov 09)
  - RE: RE: Sniffing out a firewall problem M. Dodge Mumford (Nov 09)
- RE: RE: Sniffing out a firewall problem Carl Friedberg (Nov 10)