[lug] Can a Hub go bad?

Tim Klein teece at silverklein.net
Sat Jul 28 12:10:15 MDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well,

I have two networks, one with public IPs, and one with private 
IPs.  I switched the hubs on the 2 nets.  Guess what?  The 
problem followed the 3Com.  On the private net, I also get a 
packet storm, with the 3Com running things.  Ifconfig -a does 
show lots of errors.  Looks like my hub has gone bad.  I have 
ordered a D-Link switch as a replacement.

Go figure.

Thanks for the help,

Tim

On Friday 27 July 2001 12:44 pm, John Hernandez wrote:
> Tim, this could be many things.  A broadcast storm of some
> type, or even a DOS attack.  Tcpdump should be able to decode
> all the Ethernet frames on the wire for you.  The name is
> misleading, since it's really a rudimentary (and very useful)
> sniffer that puts your interface in promiscuous mode and
> reports to you what's on the wire (not just TCP traffic).  You
> can try 'ip proto udp', or 'ether broadcast'.  Ethereal is a
> more user-friendly sniffer.  You should be able to determine
> the source and type of the offending packets using these
> tools.  I've seen hubs and switches go haywire before,
> generating lots of noise on the wire.
>
> I'd be curious to hear what you find.
>
> -John
>
> Tim Klein wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello All,
> >
> > Of course a hub could go bad, but could it cause this
> > problem?:
> >
> > I have a DSL connection from a Cisco 675, and two machines
> > with static IPs, connected to a 10/100 3Com hub.  The Cisco
> > is in bridging mode, giving the 2 machines access to the
> > Internet. These machines run Debian Sid.
> >
> > About 2 days ago, I noticed the activity and collision
> > lights on the hub start to go nuts, as in, they were
> > blinking several times a second, non stop.  After trying to
> > track down what was causing this (shutting machines off,
> > power cycling the modem, etc) I was not able to stop this
> > activity, or even track it. After about a day, Internet
> > performance degraded to the point where it was considerably
> > worse than a dial up modem.
> >
> > So today, I started to attack the problem seriously.  I
> > found that the packets seem to be UDP.  This is a guess, as
> > I run SNORT.  It sends me a daily report, usually my network
> > is about 95% tcp.  But the last report was 85% udp!  This
> > was a giant change.  Which would also explain why my tcpdump
> > investigating turned up nothing.  What's a similar tool to
> > track udp?
> >
> > The reason I am suspecting the hub is this:  with both
> > machines off, and only the Cisco powered up, I still have
> > plenty of activity lights blinking, on the Cisco and the
> > hub.  Today, I unplugged the hub, found my cross over cable,
> > and plugged the Cisco directly into one of my machines.  All
> > abnormal activity has disappeared.  Internet performance is
> > back up to par.
> >
> > What the heck could be causing this?  I can't imagine that
> > it really is the hub, but I can't find anything on either of
> > my machines spewing packets.
> >
> > TIA,
> >
> > Tim
> > - --
> > ==============================================
> > == Timothy Klein || teece at silverklein.net   ==
> > == ---------------------------------------- ==
> > == "Hello, World" 17 Errors, 31 Warnings... ==
> > ==============================================
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.6 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE7YbCKnjAB6bVab/sRAkbBAJwM+vqbGMYuMf7yOwvCGlkZ6WHMngCe
> >NkLg Au320Z6lJYgvqgnwGgInuCE=
> > =opsT
> > -----END PGP SIGNATURE-----

- -- 
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7YwARnjAB6bVab/sRAuRUAJ4+xFaZ4LgdfgNKMdMa4UTm93cjaQCdE+cf
Vk4AGElXcjRGuynV1FMGH90=
=j3bX
-----END PGP SIGNATURE-----
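
Added example, not part of the original messages: a small Python triage script for the step John describes, finding the source and type of the offending frames from `tcpdump -e -n` text output. The capture lines and MAC/IP addresses are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample of `tcpdump -e -n` output (not from the thread's network).
SAMPLE = """\
12:10:15.000101 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.5.4000 > 192.168.1.255.4000: UDP, length 50
12:10:15.000180 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.5.4000 > 192.168.1.255.4000: UDP, length 50
12:10:15.000262 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.5.4000 > 192.168.1.255.4000: UDP, length 50
12:10:15.004000 02:00:00:00:00:02 > 02:00:00:00:00:03, ethertype IPv4 (0x0800), length 74: 192.168.1.6.43210 > 192.168.1.1.80: Flags [S], seq 1, win 5840, length 0
12:10:15.005000 02:00:00:00:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.6 tell 192.168.1.1, length 46
12:10:15.005090 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.5.4000 > 192.168.1.255.4000: UDP, length 50
"""

# Link-level header as printed with -e: time, src MAC > dst MAC, ethertype, length.
LINE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>\S+) \(0x[0-9a-f]+\), length \d+: (?P<rest>.*)$"
)

def classify(etype, rest):
    """Coarse frame type from the decoded part of the line."""
    if etype == "ARP":
        return "arp"
    if "Flags [" in rest:           # tcpdump prints TCP flags this way
        return "tcp"
    if re.search(r"\bUDP\b", rest):
        return "udp"
    return "other"

def summarize(text):
    """Tally frames per source MAC and per type, plus the broadcast share."""
    by_src, by_kind, bcast, total = Counter(), Counter(), 0, 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                # ignore lines that are not in -e format
        total += 1
        by_src[m["src"]] += 1
        by_kind[classify(m["etype"], m["rest"])] += 1
        bcast += m["dst"] == BROADCAST
    return {
        "total": total,
        "top_source": by_src.most_common(1)[0] if total else None,
        "kinds": dict(by_kind),
        "broadcast_share": bcast / total if total else 0.0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single source MAC dominating the tally points at one host; a flood with no consistent source, together with rising interface error counters, points at the cabling or the hub instead.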
