Thanks for the feedback! I think it helps the advice-giver as much as the
person in need
of advice to see the outcome.
Jonathan
Pierre-Alex wrote:
> Thanks Jonathan, the problem is solved. See below.
>
> Just a remark on one of your point:
>
> "The successful ping-by-name does not prove you are pinging through the
> switch to the DSL modem to the Internet because the name could be resolved
> by name-cache or hosts file or even a DNS server on one of the other PCs
> plugged into your switch. "
>
> 1) I checked for presence of a host file
> 2) I cleaned up the client cache (ipconfig /flushdns)
> 3) I made sure that all servers where pointing to DNS servers OUTSIDE of my
> LAN
>
> When pinging any of my servers from the Internet (using a dial-up account)
> I would get a response of 3000 ms or greater.
>
> So this gave me a hint that it was a peformance or packet loss of some
sort.
> So I switched to a multiport repeater (hub)
>
> to rule out the possibility of a malfunction of the 2 switches. The rest of
> the troubleshooting is shown below:
>
>
----------------------------------------------------------------------------
> -----------------
>
> Thanks to everyone for the suggestions. The mystery is solved.
>
> Here are my troubleshooting steps:
>
> 1) I got a 10 BaseT hub and I plugged the cable modem and all the computers
> in there.
>
> 2) I was not able to ping the default gateway. But I was able to ping any
> computers from any other computers.
>
> 3) I examined hub; one of the ports, port 3, was showing unusual Link
> activity. (The hub has 5 ports)
>
> I plugged in a network monitor and found out that the PC on port 3 was
> sending 45 broadcast/seconds!
>
> 4) I examined the capture and found that the broadcasts were arp requests
to
> the default gateway!!!!
>
> 5) I then examined the arp cache of the PC and found the following:
>
> 63.162.86.1 00-00-00-00-00-00 invalid
>
> 6) I deleted the entry and created a static (permanent) arp entry for the
> default gateway
>
> 7) I did another network capture: this time the PC was sending TCP traffic
> out to random sites on the internet at a rate of
>
> 5,569 bytes per seconds!!!!
>
> 8) I went to Microsoft Website and searched their latest security bulletin
> looking for symptoms of virus infection
>
> 9)I did not have the symptoms of increased CPU activity but when I did a
> scan on my PC I found the file "root.exe" under d:\inetpub\wwwroot\
>
> (This file belongs to the Code Red Virus)
>
> 10) I cleaned up and patched up the PC; everyone was then able to ping the
> default gateway.
>
> -----
>
> What I learned: If I had moved to network capture analysis earlier in the
> process I could have saved myself a lot of work!!!
>
> What I still need to understand: how did the broadcast of the infected
> machine prevent other machines to ping the default gateway on the switch ?
>
> (please note that all the machines -- even the infected machine-- were able
> to ping each other while on the switch)
>
> -----Original Message-----
> From: Jonathan Hays [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 03, 2001 10:39 AM
> To: Pierre-Alex
> Subject: Re: DSL / Cisco Switches [7:18267]
>
> Pierre-Alex,
> Let's dig into the details of your problem.
>
> If you can plug your PC into the DSL modem's Ethernet port with a
> crossover cable and operate successfully you know that the PC and the DSL
> modem are not the problem. You also know that both the DSL's and the PC's
> ports are MDI ports. Why? Normally you use a straight-through cable from
the
> PC NIC MDI port to a switch or hub's MDI-X port.. A crossover cable is used
> to connect MDI to MDI ports (2 PCs) or to connect MDI-X to MDI-X ports (2
> switches).
>
> Next you say you connected your PC (and other PCs) into a switch with a
> straight-through cable and then you connected the switch to the DSL modem
> with another straight-through cable. Now you can ping by name but the ping
> times out.
>
> Are you getting a link light on the switch port connected to each PC and
> to the DSL modem?
>
> This is not a good troubleshooting technique at this point. The
successful
> ping-by-name does not prove you are pinging through the switch to the DSL
> modem to the Internet because the name could be resolved by name-cache or
> hosts file or even a DNS server on one of the other PCs plugged into your
> switch. A better troubleshooting technique would be to stick with IP
> addresses. It would be best to ping to the IP address of the router on the
> other end of the DSL connect at the ISP. (Some other Internet address would
> work, providing the ISP hasn't blocked ICMP echo and echo-reply (ping) to
> the Internet.) Use traceroute or tracert (depending on the PC's OS) and you
> will see where the connection quits.
>
> Try isolating the problem to a box before you get too deep into your
> troubleshooting. Replace the switch with a simple hub and see if the hub
> works. If so, someone may have configured some VLANs on the switch. Take a
> look at the switch configuration. Or you may have a bad port on the switch.
> Or the UPLINK button may be IN when it should be OUT.
>
> What kind of switch is it?
>
> HTH,
>
> Jonathan
>
> Pierre-Alex wrote:
>
> I have a DSL connection and multiple ip addresses.
> When I plug any computer directly to the DSL modem (with a cross over
> cable)
>
> everything works fine. However when I plug all of the computers and the
> DSL
> modem to the
>
> switch (with straight through cables) I get "time out" responses when
> pinging the default gateway.
>
> If I ping by name (e.g, ping yahoo.com) I get the name resolved, but
the
> pings time out.
>
> It has been a week of troubleshooting and still no light! Anyone?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18428&t=18267
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
