From: CRDGW2::CRDGW2::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 25-SEP-1989 21:16 To: MRGATE::"ARISIA::EVERHART" Subj: Ethernet monitoring software... Thanks for the help Message-Id: <8909260105.AA08150@crdgw1.ge.com> Received: From RELAY.CS.NET by CRVAX.SRI.COM with TCP; Mon, 25 SEP 89 15:29:53 PDT Received: from relay2.cs.net by RELAY.CS.NET id ae11457; 25 Sep 89 16:11 EDT Received: from draper.com by RELAY.CS.NET id ah03714; 25 Sep 89 17:10 EDT Date: Mon, 25 Sep 89 16:02 EDT From: "Tom Bailey, C. S. Draper Lab, x2476" Subject: Ethernet monitoring software... Thanks for the help To: info-vax@KL.SRI.COM X-Vms-To: ccfvx3::in%"info-vax@kl.sri.com" Thanks to everyone for their help. Last week I asked about a Mac that was causing some ethernet problems, and about some Ethernet monitoring software. A brief summary is: -Regarding Mac's and ARP storms... > A host is configured with the wrong network broadcast address > (xxx.xxx.xxx.0 as opposed to xxx.xxx.xxx.255). This causes > it's ARP requests to cause all the hosts running GATED and ROUTED > to send back ICMP redirects to announce this new host > xxx.xxx.xxx.0. This apparently *isn't* our problem, but was commonly cited as something to watch out for. -Regarding Ethernet monitoring software... > Most PC IP products will do this.... > ...the DECUS Spring 1989 VAX/L&T tape called ETHERMON >and INEPT. ETHERMON is a MONITOR ETHERNET type utility. INEPT (yeah, what >a name :-) is a packet grabber type program. >If you have Suns, try running /usr/etc/etherfind. as well as some 'private' versions of programs that can decode different types of packets quite intelligently. Someone mentioned that it will take an unloaded 3200 or better to have a chance of keeping up in promiscuous mode. -Regarding making VAXes more immune to broadcast storms... > Tough... I have found deuna's and deqna's very susceptible > to this, whereas DEBNA's don't show the problem at all. > > Turn off any DECnet routing functions you may have on your systems, > if you can afford it. This helps a little, since routing > messages are not sent if there are no routers, therefore > fewer NCP events will occur. > ... We think the quickest solution would be > to buy a bridge that can be programmed to not forward > FF-FF-FF-FF-FF-FF packets away from our LAVC. -Plus, an update about the original problem from my postmaster... >You might be interested to know that our problem with ARP storms seems >to be that a Mac with MacTCP is sending out 1700 ARPs/second, crashing >machines all over our Ethernet. The Mac continues sending them even >when we pull it off the Ethernet and put an analyzer directly on the >Mac's Ethernet connector. The Mac screen, keyboard and mouse are all >frozen at that point. MacTCP has gotten itself into this state twice >in the past month. It's been impossible to reproduce at will, so it's >a real bitch to report as a bug and hope to get it fixed. As usual, any further suggestions will be welcomed. And thanks again to the net for it's help. Tom Bailey C. S. Draper Lab tlb1431@draper.com bailey@mordor.draper.com