Ask Your Question
0

00:00 Source Address 00:00 Destination Address 0x0000 Protocol 342 length

asked 2019-02-01 17:23:40 +0000

Avaorgoune gravatar image

Our network is being flooded by these types of packets. I have searched for 00:00:00:00:00:00 mac on all the switches to see if there was a single or multiple devices causing this issue. I believe it is a similar issue to the one below. Anyone have any suggestions of where to start?

https://osqa-ask.wireshark.org/questi...

edit retag flag offensive close merge delete

Comments

"I have searched for 00:00:00:00:00:00 mac on all the switches...", but did you find any?

Jaap gravatar imageJaap ( 2019-02-01 19:44:51 +0000 )edit

No, I did not find anything in any of the mac tables.

Avaorgoune gravatar imageAvaorgoune ( 2019-02-01 19:51:32 +0000 )edit

With what kind of capture tool, did you take the trace?

Christian_R gravatar imageChristian_R ( 2019-02-12 16:37:47 +0000 )edit

Wireshark. Or are you asking what type of a device I used?

Avaorgoune gravatar imageAvaorgoune ( 2019-02-12 19:36:12 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-02-12 15:09:24 +0000

Avaorgoune gravatar image

We got the traffic to stop for now by replacing the switch that seemed to be causing the most issues. I do not have much confidence that this will solve our problem long term, but I'm hopeful. I will update if things change.

edit flag offensive delete link more
0

answered 2019-02-01 19:42:06 +0000

Guy Harris gravatar image

I'd suggest starting with what the answer to the old question says. An OUI of 00:00:00 is assigned to Xerox; that either means 1) there's Xerox hardware that uses it or 2) it's assigned to Xerox, the original inventors of Ethernet, to keep it permanently reserved. If you don't have any Xerox equipment on your network, those packets are probably coming from a device that's putting bad packets on the network.

edit flag offensive delete link more

Comments

We got the traffic to stop for now by replacing the switch that seemed to be causing the most issues. I looked for any all-zero mac addresses already and couldn't find anything in any of the mac tables as the previous article suggested.

Avaorgoune gravatar imageAvaorgoune ( 2019-02-01 19:52:06 +0000 )edit

@Avaorgoune can you provide as a trace withe this packet?

Christian_R gravatar imageChristian_R ( 2019-02-03 10:32:47 +0000 )edit

Below is a short snippet of the millions of captured packets:

+---------+---------------+----------+
16:50:05,100,941   ETHER
|0   |00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|06|09|00|01|56|00|0e|00|22|00|2a|00|00|ff|ff|fe|ba|01|45|00|07|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00 ...
(more)
Avaorgoune gravatar imageAvaorgoune ( 2019-02-04 12:52:58 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-02-01 17:23:40 +0000

Seen: 2,334 times

Last updated: Feb 12 '19