Lurkers, Sniffers and Puzzlers,
I've got a cool setup with a Raspberry Pi (Debian Stretch) set up as a sniffer
in a client's office in southern VT. Office has 20ish machines networked and
the router is an Asus RTAC3200 (https://www.asus.com/us/Networking/RTAC3200/).
I've modified the iptables on the router to mirror all traffic to the pi.
So I'm sniffing packets and then analyzing the packet capture with Wireshark.
I see a lot of black and red and pink which are quite discordant and
non-harmonious. I've been sshed into the Pi to run the packet dumps with tcpdump.
These packets are showing
* TCP out-of-order
* TCP Retransmission
* TCP Dup ACK
* RST-ACK
* TCP ACKed Unseen Segment
These packets are icky and pink with black backgrounds. They appear to be
across many different IPs. I haven't determined if all IPs are seeing these
issues. I don't have a network topology map at present. They appear to be 15
percent of the packets flowing through the network. I know *some amount* of
these are OK and networks are resilient, but this seems a bit much.
Client reports that they are using a 12-year-old "ProSafe 24 Port Switch" for
connecting most of their machines.
Since the packet problems are being observed across IPs, is it reasonable to
assume the switch is possibly causing problems? Is there any way to test the
switch? Any ideas for how to get more info and try to determine the source of
these problems?
Bonus clues: client reports some problems with a Drobo in the network, which he
thinks is due to bad hardware on the Drobo. Otherwise the network functions
smoothlyish. Prior to setting up the router to mirror traffic to the pi, I ran
a sniff on the broadcast traffic running through the network and saw no TCP
issues with that traffic.
Thanx all. Hope you turkeys will be gathered with happy humans and not staring
at screens on Thanksgiving next week!
--
Joe Golden /_\ www.Triangul.us /_\ Coding, Drupalism, Open Sourcery
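
An added example, not part of the original post: one way to check whether the flagged packets cluster on particular LAN hosts or are spread across all of them. It assumes the capture was exported with tshark's `-T fields -E separator=,` using the columns listed in `FIELDS`; the sample rows and addresses are constructed.

```python
import csv
import ipaddress
from collections import Counter

# Column order assumed for the export, e.g.:
#   tshark -r capture.pcap -Y tcp -T fields -E separator=, -e ip.src -e ip.dst ...
FIELDS = ["ip.src", "ip.dst", "tcp.analysis.retransmission",
          "tcp.analysis.out_of_order", "tcp.analysis.duplicate_ack",
          "tcp.analysis.ack_lost_segment", "tcp.flags.reset"]

# Constructed sample rows (not taken from the capture described in the post).
SAMPLE = """\
192.168.1.10,93.184.216.34,,,,,0
192.168.1.10,93.184.216.34,1,,,,0
93.184.216.34,192.168.1.10,,,1,,0
192.168.1.20,192.168.1.50,,,,,0
192.168.1.50,192.168.1.20,,,,,0
192.168.1.20,192.168.1.50,,,,,0
192.168.1.30,192.168.1.50,,1,,,0
192.168.1.30,192.168.1.50,,,,1,0
"""

def is_set(value):
    # Assumption: a present flag is any non-empty value; booleans may be
    # exported as 0/1 or True/False depending on the tshark version.
    return value not in ("", "0", "False")

def per_host_rates(text):
    """Return {lan_ip: (flagged, total, rate)} counting both endpoints."""
    total, flagged = Counter(), Counter()
    for row in csv.reader(text.splitlines()):
        if len(row) != len(FIELDS):
            continue  # malformed row or multi-valued field (tunnels)
        src, dst, *flags = row
        bad = any(is_set(f) for f in flags)
        for ip in (src, dst):
            # Only tally private (LAN) addresses; empty means non-IPv4.
            if ip and ipaddress.ip_address(ip).is_private:
                total[ip] += 1
                flagged[ip] += bad
    return {ip: (flagged[ip], total[ip], flagged[ip] / total[ip])
            for ip in total}

if __name__ == "__main__":
    rates = per_host_rates(SAMPLE)
    # Worst hosts first. Note: ack_lost_segment ("ACKed unseen segment")
    # means the capture itself missed a packet, not that the host lost one.
    for ip, (bad, n, rate) in sorted(rates.items(), key=lambda kv: -kv[1][2]):
        print(f"{ip:15} {bad:4}/{n:<4} {rate:6.1%}")
```
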