Firewall Wizards mailing list archives
Re: RE: Sniffing out a firewall problem
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 3 Nov 2001 12:04:46 -0500 (EST)
Your earlier suggestion made it appear the NIC in question was probably one of those on the firewall, which is why a number of folks have suggested just taking the simple course of action and pulling the card and replacing. As has been suggested, some of the cable testers on the market, and large sites should certainly have at least one of the higher end cable testers available, can help track down and errantsegment or NIC about as well as any sniffer, of course we used to use them in the days when switches were not quite an issue yet, so, things might well be more difficult in that arena these days, it's been a long while since I worked in the area of cabeling and installs. A sniffer was overkill in those days, and brought out when other avenues could not locate the source of the problem. Of course a sniffer might well be my first choice tool for something like this these days. Remember, depending upon how segmented and or switched your network, and how those switches <if it is a switched network> are configured, it might well take some reconfigureing of equipment and might well be an issue of sniffer placement to help resolve this problem. We often found it was a laptop issue, and could easily tell it was so when collision levels were not always present and appeared only during certain parts of the day when those folks with laptops came into the office. Also, looking at the desktop support trouble ticket requests can quickly lead one to a source of such problems, it's ost liekly the machine and user in question are suffering connection issues due to their broked NIC. It's good to have an association with the folks in the various IT departments just for the crop ups of such issues. And, you might get lucky and see something in the firewall logs that could help point you in the proper direction of the problem source here, this would be the first place one might look. And, as always those windows specific protocols are known for chattiness <netbeui/netbios> and oten run up collision levels on segments. Thanks, Ron DuFresne On Fri, 2 Nov 2001, Alan Young wrote:
That is the whole point, when you have 100 plus PC's to manage, I want to see quickly which IP number is creating all the problem before I spend hours tearing apart a bunch of machines.-----Original Message----- From: Thomas Ray [mailto:thomas.ray () tcud state tx us] Sent: Friday, November 02, 2001 9:39 AM To: firewall-wizards () nfr com; ayoung () veros com; aryoung () veros com Subject: RE: Sniffing out a firewall problem There is plenty of sniffer software out there that is free. But if you already know which NIC is causing this, why bother sniffing? just replace the card. that's the fastest way to fix it. if you have multiple NIC's in the box, replace one at a time until the problem goes away. if the NIC is giving you a broadcast storm, it's usually defective. it could also possibly be the patch cable too, so yes, it won't be easy to troubleshoot. how would I trblshoot it? -replace all patch cables if the problem goes away, you know the cause -replace NIC's one at a time if the problem goes away, you know the cause -if your problem still exists after doing the above, and you have a large network, it's time to start sniffing if you can't trace the problem to a specific system tomReply-To: <ayoung () veros com> From: aryoung () veros com (Alan Young) To: <firewall-wizards () nfr com> Date: Wed, 31 Oct 2001 09:46:25 -0800 Subject: [fw-wiz] Sniffing out a firewall problem. Hi All We have been experiencing a firewall failure due to a NICcard that isapparently chattering and creating an extremely high number of excessive collisions. What is the best way to debug this? We need to install a sniffer program on a PC somewhere, right? I have checked and sniffer software appears to be very expensive? Is there freeware that is available for Win32? This is definitely a job for the wizards. Alan R. Young_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Sniffing out a firewall problem Thomas Ray (Nov 03)
- RE: Sniffing out a firewall problem Alan Young (Nov 03)
- Re: RE: Sniffing out a firewall problem Peter Lukas (Nov 03)
- Re: RE: Sniffing out a firewall problem Ryan Russell (Nov 04)
- RE: RE: Sniffing out a firewall problem Robert McMahon (Nov 05)
- RE: RE: Sniffing out a firewall problem Chiman (Nov 06)
- RE: RE: Sniffing out a firewall problem Anton (Nov 13)
- Re: RE: Sniffing out a firewall problem Pierre-Yves BONNETAIN (Nov 09)
- Re: RE: Sniffing out a firewall problem Peter Lukas (Nov 03)
- Re: RE: Sniffing out a firewall problem Peter Lukas (Nov 05)
- RE: Sniffing out a firewall -SNORT blew up registrty Chiman (Nov 06)
- RE: Sniffing out a firewall problem Alan Young (Nov 03)
- <Possible follow-ups>
- Re: RE: Sniffing out a firewall problem TDyson (Nov 03)
- Re: RE: Sniffing out a firewall problem Gregory Hicks (Nov 05)
- Re: RE: Sniffing out a firewall problem Barney Wolff (Nov 08)
- RE: RE: Sniffing out a firewall problem Carl Friedberg (Nov 09)
- Re: RE: Sniffing out a firewall problem Stephane Nasdrovisky (Nov 09)
- RE: RE: Sniffing out a firewall problem M. Dodge Mumford (Nov 09)
- RE: RE: Sniffing out a firewall problem Carl Friedberg (Nov 10)