Saya bukan orang jaringan normal kami ... Saya baru saja dirancang untuk membantu dengan masalah ini, jadi tolong tahan dengan saya.
Kami memiliki jaringan yang cukup besar (~ 4.000 perangkat?) Yang sebagian besar terdiri dari perangkat HP Procurve. Dari waktu ke waktu selama beberapa minggu terakhir, kami telah mendapatkan beberapa badai penyiaran yang cukup banyak mencegah semua lalu lintas lainnya dikirim melalui jaringan. Saya mengatur Wireshark untuk melakukan dump 5MB, dan saya menangkap beberapa dari tindakan ini pagi ini.
Anda dapat mengunduh paket capture . Kesenangan dimulai pada paket # 23968. Paket NBNS yang tampaknya cacat berulang-ulang. Namun, ini bukan hanya perulangan lurus. Alamat IP sumber (143.226.8.185) dan tujuan (143.226.44.79) tetap sama, tetapi sumber alamat MAC berubah. Paket pertama tampaknya berasal dari beberapa perangkat tidak penting di jaringan, dan dikirim ke alamat multicast, 01: 00: 5e: 7f: ff: fa. Semua paket setelah itu berasal dari alamat MAC dari titik akses nirkabel HP kami dan dikirim ke alamat multicast yang berbeda, 01: 00: 5e: 62: 2c: 4f.
Ini paket pertama:
No. Time Source Destination Protocol Info
23968 122.229240 143.226.8.185 143.226.44.79 NBNS Unknown operation (10) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding)[Malformed Packet]
Frame 23968 (1038 bytes on wire, 1038 bytes captured)
Arrival Time: Sep 15, 2010 08:32:44.329966000
[Time delta from previous captured frame: 0.004744000 seconds]
[Time delta from previous displayed frame: 0.004744000 seconds]
[Time since reference or first frame: 122.229240000 seconds]
Frame Number: 23968
Frame Length: 1038 bytes
Capture Length: 1038 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: IntelCor_d2:5e:6b (00:1f:3b:d2:5e:6b), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_d2:5e:6b (00:1f:3b:d2:5e:6b)
Address: IntelCor_d2:5e:6b (00:1f:3b:d2:5e:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 7773643D22687474703A2F2F736368656D61732E786D6C73...
Frame check sequence: 0x6f70653e [incorrect, should be 0x30019938]
Internet Protocol, Src: 143.226.8.185 (143.226.8.185), Dst: 143.226.44.79 (143.226.44.79)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 203
Identification: 0x00d0 (208)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xe485 [correct]
[Good: True]
[Bad : False]
Source: 143.226.8.185 (143.226.8.185)
Destination: 143.226.44.79 (143.226.44.79)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
Source port: netbios-ns (137)
Destination port: netbios-ns (137)
Length: 183
Checksum: 0x01db [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
NetBIOS Name Service
Transaction ID: 0x4d2d
Flags: 0x5345 (Unknown operation)
0... .... .... .... = Response: Message is a query
.101 0... .... .... = Opcode: Unknown (10)
.... ..1. .... .... = Truncated: Message is truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 16722
Answer RRs: 17224
Authority RRs: 8234
Additional RRs: 8264
Queries
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (12081)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (12081)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (11631)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (11631)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25701)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25701)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25914)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25914)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25970)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25970)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (18273)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (18273)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (24953)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (24953)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (26979)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (26979)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (3338)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (3338)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (14882)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (14882)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (28730)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (28730)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25455)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25455)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (8717)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (8717)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (28513)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (28513)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (29287)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (29287)
[Malformed Packet: NBNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Ini paket selanjutnya:
No. Time Source Destination Protocol Info
23969 122.229836 143.226.8.185 143.226.44.79 NBNS Unknown operation (10) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding) unknown Illegal NetBIOS name (1st character not between A and Z in first-level encoding)[Malformed Packet]
Frame 23969 (217 bytes on wire, 217 bytes captured)
Arrival Time: Sep 15, 2010 08:32:44.330562000
[Time delta from previous captured frame: 0.000596000 seconds]
[Time delta from previous displayed frame: 0.000596000 seconds]
[Time since reference or first frame: 122.229836000 seconds]
Frame Number: 23969
Frame Length: 217 bytes
Capture Length: 217 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:nbns]
[Coloring Rule Name: SMB]
[Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios]
Ethernet II, Src: HewlettP_05:de:da (00:17:a4:05:de:da), Dst: IPv4mcast_62:2c:4f (01:00:5e:62:2c:4f)
Destination: IPv4mcast_62:2c:4f (01:00:5e:62:2c:4f)
Address: IPv4mcast_62:2c:4f (01:00:5e:62:2c:4f)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: HewlettP_05:de:da (00:17:a4:05:de:da)
Address: HewlettP_05:de:da (00:17:a4:05:de:da)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 143.226.8.185 (143.226.8.185), Dst: 143.226.44.79 (143.226.44.79)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 203
Identification: 0x00d0 (208)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 127
Protocol: UDP (0x11)
Header checksum: 0xe585 [correct]
[Good: True]
[Bad : False]
Source: 143.226.8.185 (143.226.8.185)
Destination: 143.226.44.79 (143.226.44.79)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
Source port: netbios-ns (137)
Destination port: netbios-ns (137)
Length: 183
Checksum: 0x01db [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
NetBIOS Name Service
Transaction ID: 0x4d2d
Flags: 0x5345 (Unknown operation)
0... .... .... .... = Response: Message is a query
.101 0... .... .... = Opcode: Unknown (10)
.... ..1. .... .... = Truncated: Message is truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...0 .... = Broadcast: Not a broadcast packet
Questions: 16722
Answer RRs: 17224
Authority RRs: 8234
Additional RRs: 8264
Queries
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (12081)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (12081)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (11631)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (11631)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25701)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25701)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25914)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25914)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25970)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25970)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (18273)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (18273)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (24953)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (24953)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (26979)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (26979)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (3338)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (3338)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (14882)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (14882)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (28730)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (28730)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (25455)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (25455)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (8717)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (8717)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (28513)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (28513)
Illegal NetBIOS name (1st character not between A and Z in first-level encoding): type unknown, class Unknown (29287)
Name: Illegal NetBIOS name (1st character not between A and Z in first-level encoding)
Type: unknown
Class: Unknown (29287)
[Malformed Packet: NBNS]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Gila, bukan? Jika Anda melihat melalui paket capture, Anda akan melihat banyak dari paket ini diulang setelah titik itu. Terus dan terus setelah itu, ke beberapa file lagi.
Jika ini adalah perulangan, mengapa hanya AP kami yang mengirim paket ini? AP ini tersebar di seluruh kampus kami.
Sedikit lebih banyak info tentang jaringan kami ... Semuanya datar. Straight Ethernet berjalan ke semuanya, dan kami memiliki blok IP kelas B. Tidak ada subnet. Ada paket pembentuk, firewall, dan router antara jaringan kami dan koneksi WAN kami.
Akhirnya, jika Anda melihat posting ini dan tampaknya akrab bagi Anda, itu karena saya telah memposting masalah serupa di masa lalu yang masih belum kami selesaikan, tetapi belum terlihat baru-baru ini. Itu dapat ditemukan di switch HP yang mengirim permintaan ping multi-gips .
Terima kasih banyak atas waktu Anda!
Sunting: Paket 23968 dikonfirmasi menjadi pemicu badai multicast ini. Saya telah memutar ulang satu paket ke jaringan kami dan menendangnya lagi.
Edit / Perbarui:Melakukan eksperimen lagi. Saya telah mengambil salah satu titik akses HP kami dan menghubungkannya langsung ke PC saya. Tidak ada yang melekat pada segmen. Jika saya memutar ulang paket awal yang menyebabkan masalah pada Titik Akses, Titik Akses menjawab sekali. Jika saya memutar ulang balasan AP kembali ke AP, itu membalas lagi. Setiap kali melakukan ini, TTL diturunkan. Apa yang terjadi di sini adalah bahwa AP di jaringan awalnya mendengar paket multicast yang rusak dari tuan rumah dan membalasnya melalui multicast. Setiap AP mendengar balasan ini dari semua AP lain dan membalasnya. Setiap AP mendengar semua balasan ke balasan dan membalasnya. Untungnya, itu menurunkan TTL setiap kali sehingga badai hilang segera setelah TTL mencapai 0, dan paket tersebut terbunuh. Sekarang yang perlu saya lakukan adalah mencari tahu cara menghentikan perilaku ini!
AP yang saya miliki di depan saya adalah HP Procruve 420 J8130B.
Sunting (ASK!): Setelah mencoba tampaknya setiap pengaturan konfigurasi pada AP, saya masih tidak dapat mencegahnya mengirimkan kembali paket multicast tersebut. Saya menemukan bahwa kami tidak menggunakan firmware terbaru, jadi saya mencoba memutakhirkan, tetapi masalahnya tetap ada. Kemudian saya mencoba menurunkan ke versi 2.1.7 dari 29 November 2006. Tidak ada masalah dengan firmware ini! AP yang menjalankan 2.1.7 tidak mengirim ulang paket !!! Saya masih menunggu untuk mengetahui bagaimana data sampah di jaringan di tempat pertama, tetapi masalahnya diselesaikan untuk saat ini. Kami membuat laporan bug dengan HP.
networking
hp
Brad
sumber
sumber
Jawaban:
Pertama dan terutama, itu bukan paket NBNS, mereka sebenarnya adalah paket Universal Plug-n-Play yang berusaha mencari perangkat yang diaktifkan "Internet Gateway Device". UPNP-IGD menggunakan IPv4 multicast untuk menemukan perangkat tepi tersebut. Protokol, seperti itu, mengatakan seharusnya hanya ada satu. Hadiahnya adalah dalam muatan paket:
IGD digunakan oleh beberapa aplikasi untuk memberi tahu pelanggan NAT gateway bagaimana menangani NAT traversal untuk protokol tertentu. Aplikasi IM dan sejenisnya. Anda dapat membuat Wireshark menunjukkan hal-hal yang lebih baik dengan menyuruhnya mendekode UDP / 137 sebagai HTTP untuk tangkapan itu.
Sekarang, mengapa ini menyebabkan badai multicast adalah pertanyaan besar. Anda mendapatkan jenis paket yang sama jauh sebelum badai menerjang, tetapi paket tersebut dikirim dengan benar ke 239.255.255.250:1900. Paket 23955, pada kenyataannya, berasal dari perangkat yang sama yang memulai badai di 23968. Namun, paket 23968 menunjukkan alamat MAC tujuan yang sama (satu menunjukkan IPv4 Multicast) tetapi memiliki alamat IP tujuan yang ada di blok / 16 Anda dan tidak boleh menjadi multicast.
Paket 23604 juga sangat cacat. Ini memiliki header Ethernet yang valid, tetapi header IP anehnya terpotong dan berakhir pada string UPNP-IGD yang sama yang saya kutip di atas. Perangkat yang mengeluarkan paket aneh dan aneh ini adalah perangkat yang sama (yah, toh berasal dari alamat MAC yang sama) dengan paket 23968 yang memulai badai multicast.
Taruhan terbaik saya pada saat ini adalah bahwa perangkat pada 00: 1F: 3B: D2: 5E: 6D disembunyikan dengan cara tertentu atau secara unik tidak menangani permintaan pencarian UPNP ini dengan benar. Paket 24717 menunjukkan permintaan M-SEARCH lain ke 239.255.255.250:3702 yang juga berasal dari perangkat yang sama. Alamat IP yang benar, port yang salah (harus 1900).
Dugaan saya adalah bahwa badai multicast ditendang oleh sebuah paket dengan alamat IP Unicast yang tiba dengan alamat MAC multicast, dan perangkat jaringan Anda tidak menangani casing yang tidak benar dengan benar. Ini menunjukkan fakta bahwa paket-paket setelah awal semua mengklaim sumber dari IP yang sama (143.226.8.185), tetapi alamat MAC semuanya berbeda. Anda memiliki perangkat buruk yang berhasil menemukan bug dalam penanganan multicast / unicast pada perangkat-bersih Anda.
sumber
@Brad: Saya baru saja melihat ini dan bertanya-tanya apakah itu memberi Anda wawasan tentang masalah ini.
http://support.microsoft.com/kb/317843
sumber
Rekomendasi saya adalah membuka task manager di host yang mengirim siaran dan mencoba menutup satu ke satu semua aplikasi yang dapat mengirim sesuatu ke jaringan dan pada saat yang sama melihat ke paket di jaringan (Wireshark) untuk mencari untuk aplikasi yang memberi masalah.
sumber