We have cisco switches in and cisco routers connected to the LAN. Don't know how to prevent someone from sending out big amount of broadcasting from his/her client pc. Supposed the destination and source of the packets are 255.255.255.255 and 0.0.0.0. It's hard for us to find who send out these huge amount of packets. Appreciate some one could provide some comments.
Since these ARE broadcasts and routers do not pass broadcasts (normally) the the broadcasts are definitely coming from the subnet you are seeing them on. Now that the obvious is covered... :-) the only way you will be able to track these down IMHO would be to disconnect devices, possibly in a binary search, and monitor with sniffer. I realize this may be inpractical, esp. during working hours, but if these are present at all times then it may not take all the long during an after hours with two people. One disconnecting switches/hub etc. while the other person is sniffing the network. Once the network device (switch/hub) is identified then you'll need to disconnect one connection at a time.
I do not see any other way to do it
Sorry about that, here are the links again (without login):
However, you mentioned you cannot find the source of the broadcast using the
sniffer. But were you able to verify that the packets you have captured includes the broadcast packets you mentioned? Maybe you can try looking for a source MAC address.