[ale] Linux Box is Garbage Spewer please help!

djinn at djinnspace.com djinn at djinnspace.com
Wed Jun 20 15:41:37 EDT 2001




On Wed, 20 Jun 2001 tewkewl at mindspring.com wrote:

> ...what exactly is "spewing garbage"?  What is garbage? 

More specifically, our outbound traffic report went crazy yesterday...from
about 30% utilization of our 128k (normal)  to 100%.  It dropped off to
below 30% around 3am, then spiked back up to 100% around 8am and stayed
there.  They run Windows traffic monitors with which I am unfamiliar to
ascertain clients' bandwidth, and I got the report in response to my
complaint that pinging the machine from the outside was showing 5000+ms
response time.

> Do they have any source/destination addresses?  
>Was the garbage alot of broadcasts?  What is garbage?  What the hell kind
>of assessment is that?  Were they sniffing your link to see this
"garbage"?  
>Was it packet based?  Or could it have been bad ethernet frames from a
nic 
>going haywire?

Um...yes. :)  I dont know for sure what garbage is...that's what I'm
running tcpdump to find out.  They could not help me beyond telling me
that the pipe was full...couldn't even tell me which machine it was coming
from.  That's why i'm asking so many questions, because I really need to
know whose fault it is and they're not helping me at all.

> 
> And promiscuous mode is indeed promiscuous mode...some nics may not be able to drop into full promiscuos (to examine runts and the like) but most are capable of mostly promiscuous. :)  The only problem is that if your isp has your servers running into a switch, the only thing you will see are broadcasts. And I would hate to think that if they are indeed on a switch, that you would be in the same vlan with other customers.  IF that were the case anybody on that switch could play man in the middle against any other customer. 
> 

So if I'm in promiscuous mode, I should be able to see anything that comes
across the wire, but how far does that go?  I mean, is this in my
broadcast range?  Is this only as far as the switch/router?  I don't know
if we're switched or not, I thought we were.  If we are,
shouldn't  I be unable to see any packets except my 1.2.3.4-1.2.3.10
ones?

Anyone teach any courses on practical networking for ignorant sys
admins???

jenn

> -Patrick
> 


--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list