Monitor broadcast storm with Colasoft Capsa


Causes of broadcast storm:

  • Incorrect network design and plan
  • Network equipment damage
  • A hub easily leads to a broadcast storm, because it is broadcast equipment
  • NIC or switching equipment damage
  • Network loop
  • Incorrect router configuration
  • Virus

How to detect Broadcast Storm:

Step 1. Set up a broadcast packet filter
Open Filter –> Add –> From Filter Table, then check "Broadcast".


Step 2. Detect relevant parameters of the broadcast storm


1. Statistical parameters

  • broadcast packets bytes
  • total broadcast packets
  • packets per second
  • packet size distribution
  • protocol type
  • etc (add according to your own network)

How to make use of these parameters?

Take a 100M Ethernet for example. The maximum packets per second is 12.5M x 1024 = 12800 Bytes/s. If the broadcast packets-per-second value is greater than or close to it, we can conclude that there is a broadcast storm.
The packet sum, count, and size distribution differ according to the size of the network.
Protocol Type is mainly used to find the protocols with the largest traffic utilization. (PS: Care must be taken to distinguish ARP Request from ARP Response: ARP Request is broadcast, while ARP Response is unicast.)

2. IPID Identification of the packet

The IPID is the unique value that identifies a packet. If a protocol has a large traffic utilization, we can check its IPID in the Packets view; if the IPIDs are the same, we can confirm that the storm is caused by a network loop.


Currently, network loops are one of the main causes of broadcast storms.

3. Check the Utilization


How to make use of the utilization parameters?

Utilization is divided into "Utilization (bits)" and "Utilization (percentage)". Network utilization is computed as: bits per second (in the "Summary" view) / network bandwidth (100M or 1000M Ethernet). Ordinarily, the network is perfect if the utilization is 50% on an Ethernet; we can conclude that there must be a broadcast storm in the network if the broadcast utilization is over 30%.
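
The utilization and IPID checks described above, applied to exported packet records, as an added example that is not part of the original post and is not Capsa code. The record layout, the function names and the three-copy IPID cutoff are assumptions, and the sample capture is constructed.

```python
from collections import Counter, defaultdict

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
STORM_THRESHOLD = 0.30   # the post's rule: broadcast utilization over 30%
MIN_COPIES = 3           # assumed cutoff for "the same IPID keeps reappearing"

# Record layout (assumed): (timestamp_s, dst_mac, src_ip, protocol, ipid, length_bytes)

def broadcast_utilization(packets, link_bps):
    """Per-second broadcast utilization: broadcast bits per second / bandwidth."""
    bits = defaultdict(int)
    for ts, dst, _src, _proto, _ipid, length in packets:
        if dst == BROADCAST_MAC:
            bits[int(ts)] += length * 8
    return {sec: b / link_bps for sec, b in bits.items()}

def repeated_ipids(packets, min_copies=MIN_COPIES):
    """Broadcast IP packets whose (source, protocol, IPID) repeats: a loop hint.
    ARP carries no IP header, so ARP records have ipid None and are skipped."""
    seen = Counter((src, proto, ipid)
                   for _ts, dst, src, proto, ipid, _len in packets
                   if dst == BROADCAST_MAC and ipid is not None)
    return {key: n for key, n in seen.items() if n >= min_copies}

def assess(packets, link_bps):
    """Combine both checks for one capture on a link of the given bandwidth."""
    util = broadcast_utilization(packets, link_bps)
    return {
        "storm_seconds": sorted(s for s, u in util.items() if u > STORM_THRESHOLD),
        "peak_utilization": max(util.values(), default=0.0),
        "loop_suspects": repeated_ipids(packets),
    }

def sample_capture():
    """Constructed data: quiet second 0, one looping broadcast frame in second 1."""
    arp = [(0.1 * i, BROADCAST_MAC, f"10.0.0.{i}", "ARP", None, 60) for i in range(1, 6)]
    loop = [(1.0 + i / 4000, BROADCAST_MAC, "10.0.0.7", "UDP", 0x1A2B, 1500)
            for i in range(3000)]
    unicast = [(1.5, "00:11:22:33:44:55", "10.0.0.9", "TCP", 77, 1500)]
    return arp + loop + unicast

if __name__ == "__main__":
    for name, bps in (("100M", 100_000_000), ("1000M", 1_000_000_000)):
        print(name, assess(sample_capture(), bps))
```

On the 1000M link the same traffic stays under the 30% threshold, but the repeated IPID is still reported, so the two checks are worth reading together.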

Download the latest Capsa 6.9R2 (Windows 7 supported) to monitor your network performance in time.

  1. #1 by teinby at August 10th, 2009

    thank you! I really liked this post!
