Greetings all, I was doing a sniff with wireshark and noticed my network was sending between 400-800 packets per second with over 98% of them under the 'OTHER' label when sniffing. They were labeled with the protocol LLC and my log was flooded with the screenshot below. Can anyone provide some insight as to what may be causing so many packets being generated on my network? Thank you
asked 12 Jun '13, 09:30  billjackson |
2 Answers:
I would say, that the device with the MAC address 'ASUSTEKC_e7:0b:5e' is broken and thus it sends 'unstructured' data to the network (due to a broken driver or a broken NIC). Wireshark tries to decode that data as best as it can. And just by chance it decodes the packets as LLC and X.25. Please identify that device on the network (you can use the switch 'CAM table' to find the port) and then figure out what's wrong with that device. Maybe a simple reboot fixes the problem (if it is caused by a crashed driver). Regards answered 12 Jun '13, 12:46  Kurt Knochner ♦ edited 12 Jun '13, 13:20 |
Check out source MAC address of packets to determine which device is the source of unwanted traffic. answered 12 Jun '13, 12:03  klodovic the source shows ASUSTEKC_e7:0b:5e , also i have over 100 devices on site here!! (12 Jun '13, 12:16) billjackson trace the ASUSTEKC_e7:0b:5e MAC address on your network segment to see on which switch and on which port of that switch is the ASUSTEKC_e7:0b:5e connected (12 Jun '13, 12:35) klodovic |
thank you Kurt Knocher, you are helpful. how do I give you karma too? i already gave some to Klodovic
you can't as you don't have any karma left. "giving" extra karma, means donating some of your own karma.
If you select one answer as the correct one by using the check mark (after thoroughly checking its value) you can give 25 extra karma points to the one who helped you most with the his answer. Please see the FAQ.