Using the Sniffer Expert system to analyze routing loops in the network
The Sniffer Expert analysis system is one of the intelligent analysis systems provided by Sniffer. It analyzes the data streams in the network, covering all objects from the data link layer to the application layer, and automatically detects problems at every layer of the network, helping technicians analyze and solve problems quickly and effectively.
If a routing loop appears in your network and the traffic is captured using Sniffer, the Sniffer Expert analysis system will raise the following alarms.
1. TCP bouncing frames or UDP bouncing frames at the transport layer
When TCP or UDP packets with the same IP ID appear continuously in the network, the Sniffer Expert system raises this alarm. This traffic pattern is generally caused by a routing error: the same packet sent to the target host keeps reappearing in the network, and the target host is generally unreachable. Check whether the route settings for the target host are correct.
2. Time-to-live expiring alarms at the network layer
When the TTL value of a packet in the network is reduced to 1, the Sniffer Expert system generates this alarm. Once the TTL of an IP packet reaches 1, the router discards it; the TTL of a normally transmitted IP packet is never reduced to the point where a router discards it in transit. A TTL of 1 therefore generally indicates that there may be routing problems in your local network, with IP packets being forwarded continuously between routers until the TTL reaches 1. Some packets are exceptions, however: mainly routing-protocol multicast packets (whose initial TTL is 1, so they are not forwarded further) and some P2P applications that set a low initial TTL to avoid excessive data transmission.
Check how routing for the destination address of these packets is configured on the router.
3. Time-to-live exceeded in transmit alarms at the network layer
When a router processes a packet whose TTL value has been reduced to 1, it discards the packet and sends an ICMP packet to the host that sent it, notifying the sender that the packet was lost in transit. This generally happens because the route to the destination address of the sender's IP packet is faulty, and the fault is not local. Check the route settings on the router that sent the ICMP packet. This alarm allows technicians to detect remote network routing problems through the expert system.
After an alarm is detected, tracert can be used to check whether a route is faulty.
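The first two alarms can be reproduced offline over exported packet headers. The following is an added example, not Sniffer's own logic: the frame tuples are constructed sample data, and the `min_copies` threshold and the "strictly falling TTL" test are assumptions used to separate looping packets from plain duplicates.

```python
from collections import defaultdict

# Constructed sample capture: (src, dst, proto, ip_id, ttl) per observed frame.
SAMPLE_FRAMES = [
    ("10.0.0.5", "192.168.9.20", "TCP", 0x1A2B, 126),
    ("10.0.0.5", "192.168.9.20", "TCP", 0x1A2B, 124),
    ("10.0.0.5", "192.168.9.20", "TCP", 0x1A2B, 122),
    ("10.0.0.5", "192.168.9.20", "TCP", 0x1A2B, 1),
    ("10.0.0.7", "10.0.0.1", "UDP", 0x0042, 64),    # normal, seen once
    ("10.0.0.1", "224.0.0.5", "OSPF", 0x0100, 1),   # routing multicast, initial TTL 1
    ("10.0.0.1", "224.0.0.5", "OSPF", 0x0101, 1),
]

def is_multicast(addr):
    """True for IPv4 multicast destinations (224.0.0.0 to 239.255.255.255)."""
    return 224 <= int(addr.split(".")[0]) <= 239

def find_bouncing(frames, min_copies=3):
    """Packets whose IP ID recurs on one flow with a strictly falling TTL.

    min_copies and the falling-TTL test are assumptions of this example.
    """
    seen = defaultdict(list)
    for src, dst, proto, ip_id, ttl in frames:
        seen[(src, dst, proto, ip_id)].append(ttl)
    return {
        key: ttls for key, ttls in seen.items()
        if len(ttls) >= min_copies
        and all(a > b for a, b in zip(ttls, ttls[1:]))
    }

def find_ttl_expiring(frames):
    """Frames seen at TTL 1, skipping multicast destinations (initial TTL 1)."""
    return [f for f in frames if f[4] == 1 and not is_multicast(f[1])]

if __name__ == "__main__":
    for key, ttls in find_bouncing(SAMPLE_FRAMES).items():
        print("bouncing:", key, "TTL sequence", ttls)
    for frame in find_ttl_expiring(SAMPLE_FRAMES):
        print("TTL expiring:", frame)
```

The multicast filter covers only the routing-protocol exception; traffic from applications that deliberately start with a low TTL still has to be ruled out by hand.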