Help! My office sub-network crashes the rest of the office's network

AgentCow007

Member
Apr 5, 2004
33
0
0
The whole office is set up like this:

DSL line runs into DSL modem
DSL modem runs into 50 port switch
50 port switch runs into ~15 computers throughout the office, and one 8 port switch
the 8 port switch runs into the 3 computers in our sub-office (couldn't think of anything else to call it)

The situation is this:

We got 3 new computers to replace the ones in our office. Ever since we got them set up, the internet in the other offices as well as our own slows down to a standstill (it works for a while but stops after a while). When we unplug our switch from the one that connects to the rest of the office, theirs all work fine.

We had a theory that one of the computers in the office was causing this, but I have no idea why or how to go about fixing it.

Can anyone help us?
 

InlineFive

Diamond Member
Sep 20, 2003
9,599
2
0
Make sure DHCP is disabled on everything except the 50-Port switch. It's quite possible that your switches are competing for DHCP rights and confusing (so to speak) all the computers.

-Por
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
or you have some sort of loop. check and double check that there is only one connection between the switches and all other ports on the 8 porter only connect to hosts.
 

AgentCow007

Originally posted by: PorBleemo
Make sure DHCP is disabled on everything except the 50-Port switch. It's quite possible that your switches are competing for DHCP rights and confusing (so to speak) all the computers.

-Por

I don't think switches have dhcp, the ones we have here are boxes with plugs in them, and are pretty much PnP, and unlike routers they don't have any built in configuration tools
 

spidey07

Originally posted by: AgentCow007
I don't think switches have dhcp, the ones we have here are boxes with plugs in them, and are pretty much PnP, and unlike routers they don't have any built in configuration tools

correct. you have what sounds like a layer2 problem. is there any way you can run ethereal (google) on one of the new pcs while the problem is happening? then e-mail me the results. I can at least see if you've got a broadcast storm or loop going on.
 

AgentCow007

Originally posted by: spidey07
correct. you have what sounds like a layer2 problem. is there any way you can run ethereal (google) on one of the new pcs while the problem is happening? then e-mail me the results. I can at least see if you've got a broadcast storm or loop going on.

Sent to the addy in your profile. Thanks again!!!
 

Southerner

Member
Jun 21, 2001
129
0
0
I had a client with this problem. Unpatched Windows 2000/XP machines were getting plugged into the network by a vendor, they were catching a worm, and were sending out enough ping traffic that a single computer would make the T1 unusable. Seriously.

Unplug the machines, download the patches for the RPC vulnerability, then download the fixit program from Symantec or someone else. Run the patch, reboot, run the fixit tool, then get back online and download all other Windows updates.

Should fix the problem.
 

spidey07

something is up between .106 and .112. There is a tremendous amount of netbios/TCP traffic that could be flooding or overwhelming the server (.112).

When it happens again shut down or unplug .106. You've got some funky broadcasts in there from 02:01:00:00:00:00 but I'm not too concerned about it as they are occurring at 500 ms intervals.
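
The triage described in the post above (telling a broadcast storm or loop apart from one pair of hosts saturating the link) can be sketched as follows. This is an added example, not part of the original thread: the frame tuple layout, the 192.0.2.x addresses standing in for .106 and .112, the MACs other than 02:01:00:00:00:00, and both thresholds are assumptions.

```python
from collections import Counter

BCAST = "ff:ff:ff:ff:ff:ff"

def constructed_capture():
    """Constructed 10 s sample as (time_s, src_mac, dst_mac, src_ip, dst_ip, bytes)."""
    m106, m112 = "00:00:5e:00:53:6a", "00:00:5e:00:53:70"  # placeholder MACs
    frames = []
    for i in range(400):  # bulk file read: server .112 -> client .106, with ACKs
        t = i * 0.025
        frames.append((t, m112, m106, "192.0.2.112", "192.0.2.106", 1514))
        frames.append((t + 0.001, m106, m112, "192.0.2.106", "192.0.2.112", 60))
    for i in range(20):   # one broadcast every 500 ms, as described in the thread
        frames.append((i * 0.5, "02:01:00:00:00:00", BCAST, "-", "-", 60))
    return sorted(frames)

def broadcast_pps(frames):
    """Broadcast frames per second, per source MAC."""
    span = max(f[0] for f in frames) - min(f[0] for f in frames) or 1.0
    counts = Counter(f[1] for f in frames if f[2] == BCAST)
    return {mac: n / span for mac, n in counts.items()}

def pair_share(frames):
    """Share of all captured bytes carried by each unordered IP pair."""
    total = sum(f[5] for f in frames)
    pairs = Counter()
    for _, _, dst_mac, src_ip, dst_ip, size in frames:
        if dst_mac != BCAST:
            pairs[tuple(sorted((src_ip, dst_ip)))] += size
    return {pair: size / total for pair, size in pairs.items()}

def diagnose(frames, storm_pps=100.0, hog_share=0.8):
    """Thresholds are illustrative assumptions, not values from the thread."""
    findings = []
    for mac, pps in broadcast_pps(frames).items():
        if pps >= storm_pps:      # a loop or storm shows up as a very high rate
            findings.append(("broadcast-storm", mac))
    for pair, share in pair_share(frames).items():
        if share >= hog_share:    # one conversation dominating the capture
            findings.append(("bandwidth-hog", pair))
    return findings

if __name__ == "__main__":
    print(diagnose(constructed_capture()))
```

On the constructed sample the 2-per-second broadcaster stays well under the storm threshold, while the single host pair accounts for nearly all captured bytes.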
 

spidey07

Originally posted by: Southerner
I had a client with this problem. Unpatched Windows 2000/XP machines were getting plugged into the network by a vendor, they were catching a worm, and were sending out enough ping traffic that a single computer would make the T1 unusable. Seriously.

Unplug the machines, download the patches for the RPC vulnerability, then download the fixit program from Symantec or someone else. Run the patch, reboot, run the fixit tool, then get back online and download all other Windows updates.

Should fix the problem.

his trace doesn't show signs of nachi, nimda or blaster. But it's always a good idea to have patched machines. nachi had the ability to take down just about any network.
 

AgentCow007

Originally posted by: spidey07
something is up between .106 and .112. There is a tremendous amount of netbios/TCP traffic that could be flooding or overwhelming the server (.112).

When it happens again shut down or unplug .106. You've got some funky broadcasts in there from 02:01:00:00:00:00 but I'm not too concerned about it as they are occurring at 500 ms intervals.

106 was the machine in question originally. do you know what would cause this or how we could go about fixing it so we can use the machines normally?

and what do you mean by server?
 

spidey07

Originally posted by: AgentCow007
106 was the machine in question originally. do you know what would cause this or how we could go about fixing it so we can use the machines normally?

and what do you mean by server?

.112 is the server in this scenario (sscshost). the client is .106. looks like the path is \\sscshost\sscs and \cdbwin\data\sscs.mdw and a bunch of other .ldb files. Looks like a big download or file read. Do any of those paths or extensions ring a bell?

quick search reveals .ldb files could be access databases.
 

AgentCow007

Originally posted by: spidey07
.112 is the server in this scenario (sscshost). the client is .106. looks like the path is \\sscshost\sscs and \cdbwin\data\sscs.mdw and a bunch of other .ldb files. Looks like a big download or file read. Do any of those paths or extensions ring a bell?

quick search reveals .ldb files could be access databases.

yep. that's our god-awful database proggie. There's one computer that hosts all the data (112) and 2 others that access it, 106 being used 99% of the time.

The thing is, we never had this problem before even though the network was set up exactly the same. The only difference I know is that the new computers have gigabit NICs in them, but I doubt that would slow it down.
 

newParadigm

Diamond Member
Jul 30, 2003
3,667
1
0


Don't mean to hijack this forum but,

How do you have a DSL modem connected directly into a switch?
Wouldn't you need a router for that?
Because I tried similar wired setup at my house when our wireless router went down (cable modem direct to switch) and it tried to connect every computer on the network directly to the WAN (which obviously didn't work because we only were granted 1 IP Address).

Just some curious person asking questions,
newParadime
 

AgentCow007

Originally posted by: newParadime
Don't mean to hijack this forum but,

How do you have a DSL modem connected directly into a switch?
Wouldn't you need a router for that?
Because I tried similar wired setup at my house when our wireless router went down (cable modem direct to switch) and it tried to connect every computer on the network directly to the WAN (which obviously didn't work because we only were granted 1 IP Address).

Just some curious person asking questions,
newParadime

I'm pretty sure it's a dsl modem/router combo