10-20-2006 12:44 AM - edited 03-05-2019 12:21 PM
Why would a wireless PC send out 25,000 SNMP packets a second looking for a network printer, when the PC isn't even logged on? When this happens it kills all switches on the site! All lights flashing in sequence and the packets we capture are SNMP GET ISO?
Can someone please help urgently??
10-20-2006 05:29 AM
Don't know; whoever owns the wireless PC would have to tell you that. Could be just a misconfig. Why they are using SNMP at all would be the question I would pose to the user. You don't use SNMP to look for a printer; at least I have never seen anything like that.
10-20-2006 05:49 AM
Hi there, the thing is, the users weren't even doing anything at the time?
10-23-2006 06:52 PM
What SNMP software is installed on the PC? What network management software (SNMP) does the user have loaded that would be sending SNMP gets across the network? From the packet capture, what OID was it trying to query?
10-24-2006 07:18 PM
I've seen printer driver software like this before. I don't remember the brand - it was some years ago (circa 1998). It was used to print to a networked copier/printer/fax.
Basic operation for the printer driver went something like:
1) Listen for RIP updates to gather subnet information.
2) Send broadcast and directed broadcast snmpgets to each subnet, using a proprietary OID that only the printer could respond to with a valid value.
3) Having received valid response(s), commence connection with printer(s).
However, the traffic generated by that old driver was nowhere near 25kpps.
Seems there are a few issues here:
A) Why does a printer driver send 25kpps snmpgets?
B) Where/how is it sending them? i.e. multicast, unicast, sequentially by IP, etc.?
C) Which might lead us to the most important question - how can a single PC kill your network?
Carl, can you disclose the driver information and OID(s)? Or perhaps a packet capture where you see the 25k packets/sec?
In the meantime, I'd apply an access-list to your snmp-server community config on your switches and routers so that they will reject all snmp gets from non-authorized hosts. My first guess is that cpu utilization on network devices is reaching critical levels due to either excessive snmp lookups or multicast traffic.
-Michael
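The questions asked in the replies above (which OID is being queried, and which host is sending how many gets per second) can be answered from a capture with a small decoder. This is an added example, not code from any poster in the thread; it assumes SNMPv1/v2c over UDP, the function names are hypothetical, and the sample packet is constructed.

```python
from collections import Counter, defaultdict

def tlvs(buf):
    """Yield (tag, value) for each BER tag-length-value in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                  # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(data):
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:                     # base-128 digits, high bit = more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_snmp_get(payload):
    """Return (community, [oids]) for a v1/v2c GetRequest, None for other PDU types."""
    (tag, msg), *_ = tlvs(payload)
    _version, (_, community), (pdu_tag, pdu) = tlvs(msg)
    if tag != 0x30 or pdu_tag != 0xA0:     # 0x30 = SEQUENCE, 0xA0 = GetRequest-PDU
        return None
    *_, (_, varbinds) = tlvs(pdu)          # after request-id, error-status, error-index
    oids = [decode_oid(list(tlvs(vb))[0][1]) for _, vb in tlvs(varbinds)]
    return community.decode("ascii", "replace"), oids

def noisy_sources(packets, threshold_pps):
    """packets: (timestamp_s, src_ip, udp_payload) tuples -> {src: (peak GETs/s, top OID)}."""
    per_sec, peak, oids = Counter(), Counter(), defaultdict(Counter)
    for ts, src, payload in packets:
        try:
            parsed = parse_snmp_get(payload)
        except (IndexError, ValueError):   # truncated, SNMPv3 or not SNMP at all
            continue
        if parsed and parsed[1]:
            per_sec[src, int(ts)] += 1
            peak[src] = max(peak[src], per_sec[src, int(ts)])
            oids[src].update(parsed[1])
    return {s: (n, oids[s].most_common(1)[0][0]) for s, n in peak.items() if n >= threshold_pps}

# Constructed sample: SNMPv1 GetRequest, community "public", OID 1.3.6.1.2.1.1.1.0
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100300e300c06082b060102010101000500")
```

Feed it the UDP port 161 payloads exported from the capture; the OID reported for the noisy host can then be matched against the printer driver's documentation.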
10-25-2006 01:38 AM
Hi there, thanks for your response. We may have sorted the problem now by removing the printer from the PC and installing it on the print server. We have done this on the wireless PCs and now it seems all OK.
thanks