What causes a switch port to receive data not destined for it?
- by user1693454
We are having an intermittent fault which is effecting one of our control systems on one of our HP Procurve switches.
For some reason, this PLC (10mbit port - 192.168.6.56) which is attached directly to the HP Switch intermittantly start's receiving data which is not destined for it. The data is being sent from a Thecus NAS with latest firmware (192.168.6.218) to a physical IBM Server running Win2003R2 and SAP (192.168.6.225). The problem does not just send to this server, it has been to other physical servers in the past too, but always from the Thecus NAS.
I am using a monitor port to wireshark what is going in/out of the PLC - normally there would be about 1mb in/out per 2 or 3 minutes - only a server asking the state of the coils. When the problem occurs, there is a flood of data being put onto the PLC line - in this captured instance, about 67mb in less than a minute.
Due to this, there is no way that the PLC can be queried as the port is effectively DOSed, in turn killing part of our factory. I know that having Production on the same vlan as IT is not a good idea - I agree, however it cannot be changed at the moment (will have to wait 3 months), as well as the problem has only started happening in the last 3 months.
Here is a screen cap of one of the packets being sent from the Thecus NAS which was captured from the PLC port on the HP Switch:
And there are over 700 of these in this one 1024kb file.
If anyone has any idea on what could be going on, some help would be greatly appreciated. If you need to know anything more, let me know!
Cheers!