howdee all... first time on. below is one of hundreds of emails i've been getting over the last two weeks from my SW-24. the floods last 10-20 minutes, then seem to stop for a while...some days there are multiple floods, others only one. They occur at random times.
...DL'd WS, BUT...not sure how to set up filters for the SW-24.
one of hundreds of emails to me:
WAN1 MAC Address: 00-1C-74-00-B0-8C, IP: 184.108.40.206
WAN2 MAC Address: 00-1C-74-00-B0-8D, IP: 192.168.254.1
System Uptime: 16d 12h 41m 41s
Firmware Version: Ver 1.0 Rel 04
Build Date: Jun 18 2010
CPU utilization: 5 %
Heap Usage: 42 %
Queue Usage: 1 %
Causes: Device Ping Flood! More than 120 pings per minute to SW00B08C(IP=220.127.116.11).
the 00-1C-74-00-B0-8C, IP: 18.104.22.168, is my Time-Warner cable modem
is it possible to use WS to detect the source of the ping-floods thru the SW-24?
Thanks in advance for speedy advice,
asked 20 Jun '12, 22:00
Sounds like your cable modem detects some pings on 22.214.171.124. Those pings come either from the external side or from your LAN.
If the pings come from the external side (ISP network), there is no easy way to work with Wireshark, as you cannot sniff on the TV cable without further hardware, unless your cable modem provides such a functionality. Please check the manual.
If the pings come from the internal side (rather unlikely), you can sniff the traffic on the LAN, by looking at this link: http://wiki.wireshark.org/CaptureSetup/Ethernet
If you manage to sniff traffic, you can use this display filter to show only icmp packets.
Sort the list of entries in the packet list by source IP, and you will see who sends most of the ICMP packets (possibly pings).
answered 20 Jun '12, 22:52
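The counting step described in the answer, as an added example that is not part of the original posts: it reads a classic pcap file saved from Wireshark (untagged Ethernet, IPv4), counts ICMP echo requests per source per minute, and lists the sources above the 120-per-minute limit named in the alert. The function names and the 10.0.0.x sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def echo_requests_per_minute(pcap: bytes) -> Counter:
    """Count ICMP echo requests per (source IP, minute) in a classic pcap of Ethernet frames."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    counts, off = Counter(), 24                      # skip 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length
        if frame[23] != 1 or len(frame) <= 14 + ihl: # protocol 1 = ICMP
            continue
        if frame[14 + ihl] == 8:                     # ICMP type 8 = echo request
            src = ".".join(str(b) for b in frame[26:30])
            counts[(src, ts_sec // 60)] += 1
    return counts

def flooders(pcap: bytes, threshold: int = 120) -> dict:
    """Sources whose busiest minute exceeds the threshold (120/min is the alert's limit)."""
    worst = {}
    for (src, _minute), n in echo_requests_per_minute(pcap).items():
        worst[src] = max(worst.get(src, 0), n)
    return {src: n for src, n in worst.items() if n > threshold}

def build_sample(base: int = 1340226000) -> bytes:
    """Constructed capture: 10.0.0.5 sends 150 pings in one minute, 10.0.0.9 sends 3."""
    def record(ts, src, icmp_type):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         bytes(src), bytes([10, 0, 0, 1]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + bytes([icmp_type, 0]) + b"\x00" * 6
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(150):
        out += record(base + i * 2 // 5, [10, 0, 0, 5], 8)
    for i in range(3):
        out += record(base + i, [10, 0, 0, 9], 8)
        out += record(base + i, [10, 0, 0, 1], 0)    # echo replies are not counted
    return out

if __name__ == "__main__":
    print(flooders(build_sample()))
```

To run it on a real capture, save the file from Wireshark in the classic pcap format (not pcapng) and pass its bytes to `flooders`.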