-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom Hula wrote:
> There was a discrepancy between the port on the switch and the
> HP...fixing that didn't change anything. The HP was set to
> Auto-negotiate,100 Mb, Full Duplex ... The switch port was set to
> 100MB, Full Duplex without negotiation. We (HP and I) turned off
> auto-negotiation on the HP side and restarted everything.
as noted elsewhere in the thread, auto-negotiate OFF has been the
"proper" setting for some time, though Gilles mentioned a case where
this doesn't appear to hold true anymore, but I got the impression the
setting was turned on at the SWITCH rather than the HP -- maybe both?
> I did notice something I thought was unusual. No one is using the
> HP or the network, but on the switch port, the indicator is blinking
> very fast...faster than a heartbeat. Rebooting just gets it blinking
> fast again.
sounds like one of the workstations on the network has become a
chatterbox - this could be due to a virus (either the PC is trying to
participate in a Denial-of-Service attack, [which apparently succeeded,
thought I doubt the HP was the target...] or it's trying to propagate
the virus and/or send out spam - either is just as bad) or a hardware
failure causing it to retransmit constantly.
When you say "the indicator light", is it tied to a particular port, or
do "all" of them blink? (or is this some sort of really odd switch that
doesn't show per-port activity - after all, with a SWITCH, traffic is
supposed to be separate across all ports - with a HUB, traffic is shared
and in that case, a SINGLE indicator for traffic makes sense) If it is
a single light on a particular port, I'd check the other end of THAT
cable first...
If that isn't the case, or we're really talking about a HUB with only a
single "activity" light, a low-end switch that doesn't show per-port
activity, or even a "proper" switch but the "traffic" is "broadcast"
traffic (meaning the switch will send to all ports just like a hub) the
next [obvious] thing [in my mind] is to check the OTHER devices on the
network -- pull each of the cables connected to the device until the
activity stops -- if you end up pulling all the cables out and the light
is still blinking quickly, you've narrowed it down, "holmesian-style",
:) to the device itself. (and likewise, if it stops when you pull a
certain line and restarts when you plug it back in, check the other end
of that particular cable -- if it feeds to another switch,
rinse-and-repeat as necessary)
> Earlier, when we were doing the diagnostic...was it
> netcontrol status or nscontrol status. Whichever one shows bytes
> sent and received and various other possible errors. Seems like
> we noticed back then that I seemed to be receiving lots of extraneous
> packets...if there is some heavy activity we haven't been able to
> account for, that alone could be why we are being kept off the HP.
Have you run a network analyzer and captured some of this traffic? One
of the best is also freely available -- Wireshark (previously known as
"ethereal") is both free in $$$ and free in the "open source" sense.
(wireshark.org) If something is "chattering" on the network, it should
be rather obvious without really needing to know "what" the program is
showing you -- you'll see lots of the same packet :) If it is a virus
or compromised system, the "traffic" should be fairly obvious as well
- --
Top o' the Blog: And you thought <i>you</i> were the king of leisure time?
http://osnut.homelinux.net/mtblog/ya_index.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJqNiXV/YHUqq2SwsRAnv+AKDQkTZXdcJDxstfHEefK2EospreRQCdGYpe
CPot/agMxc0oez0weI2B8Jo=
=Xoaq
-----END PGP SIGNATURE-----
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
