Network flooded with seemingly empty packets

Posted by Adam Particka on Server Fault See other posts from Server Fault or by Adam Particka
Published on 2012-11-09T19:30:16Z Indexed on 2012/11/09 23:04 UTC
Read the original article Hit count: 166

Filed under:

networking

|

wireshark

|

flooding

Let me preface this with the fact that I'm just a web developer at my company with little networking knowledge.

Earlier today there was a department that lost all of their network connections so I popped open Wireshark and observed the influx of packets to my machine.

There was normal traffic (ARP requests, etc.) coming in at ~50 packets every second. Then all of a sudden the log was flooded with packets arriving ~5000 a second. It looks as though they all contain the same data, just a looped sequence.

We have someone here looking at it but I thought I would ask if anyone had seen anything like this before.

Here's a selection from one of the captures in Wireshark.

http://www.cloudshark.org/captures/06f950725c74

© Server Fault or respective owner

Related posts about networking

Networking stopped working on Ubuntu

as seen on Super User - Search for 'Super User'
I installed Ubuntu 10.04 through the Wubi installer (Funny, I installed it today and thought I would have gotten 10.10). I had a network connection and everything was working fine. I rebooted my coumputer a couple of times and then suddenly, I could not connect to the network and when I click the… >>> More
Troubles with start up defenition of networking service in Ubuntu

as seen on Super User - Search for 'Super User'
I use Ubuntu 12.04.1. I put attention that networking script starting in runlevel 0: user@comp:/etc/rc0.d$ chkconfig -l networking networking 0:on 1:off 2:off 3:off 4:off 5:off 6:off When I try to move it working to appropriate run levels I get error: user@comp:/etc/rc0… >>> More
Installing the Elgg Social Networking CMS

as seen on Internet.com - Search for 'Internet.com'
One Open Source CMS that stands out above the rest for small businesses and personal networks is the Elgg open source "social engine," which can be used to create social applications. Scott Clark shows you how to install and get started with this social networking CMS. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More

Related posts about wireshark

wireshark http POST

as seen on Server Fault - Search for 'Server Fault'
Hi I would like to have a http POST request method CAPTURE filter I know it is easy to do it by display filter http.request.method==POST but I need tcpdump compatible I wrote tcp dst port 80 and (tcp[13] = 0x18) But it is not perfect... tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) 2):4] =… >>> More
How to filter http traffic in Wireshark?

as seen on Server Fault - Search for 'Server Fault'
I suspect my server has a huge load of http requests from its clients. I want to measure the volume of http traffic. How can I do it with Wireshark? Or probably there is an alternative solution using another tool? This is how a single http request/response traffic looks in Wireshark. The ping is… >>> More
Wireshark is not capturing traffic through http://localhost:8888

as seen on Super User - Search for 'Super User'
Currently, my wireshark can capture traffic from http://localhost (traffic that is on port 80) but it won't capture traffic on localhost:8888 Is there any extra configuration/software that I need for wireshark to capture traffic of localhost on this port? I'm running Ubuntu 9.10 >>> More
Multi language support in wireshark

as seen on Super User - Search for 'Super User'
Do we have multiple language support with Wireshark. We are using Windows Xp SP2 and Ubuntu Linux environment. Actually we have a plugin which is UDP based and we have a requirement to Analyse the Information in Packet List Pane and Packet Details Pane to be viewed in other languages like French… >>> More
Saving Wireshark capture settings for future use

as seen on Server Fault - Search for 'Server Fault'
Is there any way to save Wireshark capture options? So it can be reuse after restart Wireshark. Also, if the saved file is in plain text, it's possible to use scripts generating bunch of capture settings, such with different filter setting. Does anyone know? Thanks. >>> More