How to Detect Possible Network Loops in Network?
Do you know what a network loop is? Have you ever had a network loop in your LAN? No matter you want it or not, a network loop in the LAN can bring down your whole network.
First, let’s see what a network loop is. What does a network loop do? A network loop is a network configuration there is more than one path between two computers or devices, which causes packets to be constantly repeated. This is due to the fact that a hub will blindly transmit everything it receives to all connections – other devices, such as switches and routers, might be able to reduce or eliminate this problem.
In this article, I’m going to show you how to detect the network loops in network with Capsa network analyzer 7.1?
Let’s start Capsa, and then add in the packet file into the ready-to-replay list. Without any other settings, click this icon to start replay directly.
To detect network loops, first we come to the Dashboard tab. The graphs show that the traffic is not big. We can conclude that, no machine is keeping sending a large sum of packets, to block the bandwidth.
We can sure from the Protocol tab, that only ICMP is used in the traffic. However, in Diagnosis tab, there is one record, IP TTL too low, which means a packet has passed too many routers. That is a sign od network loop.
And we can see the anomaly happens at IP address, one seventy two, dot sixteen, dot two zero eight, dot thirty three. Let’s start from this address. Right-click on the address, and locate it.
Then, go directly to the packet tab. We can see all the packets are ICMP packets. And we find the delta time between the packets is very small, and there are more than twelve thousand packets. This couldn’t be normal. Just a simple ping can’t produce so many packets, it looks like network loop a little bit.
To confirm our guess, we should go down to the digits in the packets. We can compare the field information of different packets, by checking the fields in this pane. While we come to the identification field, we can see there are so many packets have the same identification number. We know that one ICMP packets has its own identification number, there’s no way that so many packets have the same number. Now we are much sure it’s a network loop. But to make sure of this, we need to see another important field, TTL value. Check the Time To Live field. We can see that the same ICMP packet loops around the router, and each time it passes the router, its TTL value is reduced by one. Until its TTL value comes to zero, it’s dropped by the router. Then another packet does it again.
This is the end of the story. Hope you already know how to find out network loop in network with network sniffer.
A video tutorial for troubleshooting network loops is avaliable at http://www.colasoft.com/download/arp_flood_arp_spoofing_arp_poisoning_attack_solution_with_capsa.php
very good information you write it very clean. I’m very lucky to get this information from
you.
It’s really well done! Respect to author.
My cousin recommended this blog and she was totally right keep up the fantastic work!
Genial fill someone in on and this enter helped me alot in my college assignement. Thanks you seeking your information.
Really nice and impressive blog i found today.
i am happy to find it thanks for sharing it here. Nice work.
nice share, good
article, very usefull for me…thank you
Great article, i
hope can know much information About it!
I’ve already bookmark this article and will definitely refer this article to all my close friends and colleagues. Thanks for posting!
before wrote this blog i was totally unaware of the loop network. now much more understand about the loop network . thanku so much for giving such a blog.
I am not aware of network loop. Although I usually devices for some computers, it is a good thing I haven’t encountered a problem with it. Anyway, thank you for sharing this post and for sharing the link for capsa network analyzer.
Which Packet file should be used
wonderful publish, very informative. I ponder why the other specialists of this sector don’t realize this. You must continue your writing. I’m confident,
you’ve a great readers’ base already!
Nice article, im pretty sure i have a network loop. However i was wondering how you can determin where the loop is ?
Where do you get the packet file to test your networking with? Do you build it? I’m trying to verify a network that my VoIP vendor says must be on my network based on a Wireshark packet trace that I sent them.
We capture the packets from our network or lab, we simulate all kinds of situation in our lab.Thank you
Where do you get the packet file for this step: “Let’s start Capsa, and then add in the packet file into the ready-to-replay list. Without any other settings, click this icon to start replay directly.”
@Justin Glauber
The packet files could be the trace file saved by Capsa or other network analysis applications, such as Wireshark.
This is for L3 loops where TTL changes. How about Layer 2 hops
@Shane
When there are layer 2 hops on the network, the IP identifications and the TTL values are the same. Therefore, you can go to the Packet view, locate the field Identification in the IP header information decoding section and check the Decode column to see if the values are the same, and then locate field Time to Live in the IP header information decoding section and check the Decode column to see if the values are the same. If both results are positive, you can be sure that there are layer 2 hops on the network.
i have tried to follow the video to perform network loop detection, where to get ““network_loop.cscpkt” i could not find it.
@Jeffrey
The video is a tutorial one for showing Capsa users how to detect network loop. The packet file is not available for users.
@Jeffrey
The packet files could be the trace file saved by Capsa or other network analysis applications.