Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

unusual network activity

Status
Not open for further replies.
RaulGB

RaulGB

MIS
Oct 29, 2002
10
BO
Hello,

It's been a few days since we are observing some unusual network traffic that involves one of our AIX 5.2 with HACMP 5.1 servers . Our network admin says that these servers are sending ping messagees to all the PCs in the user's network (which is a separate network), now we found a lot of entries in the routing table (that we didn't see before), this is a portion of the result of a netstat -r command:


gtt0011n0845.cre 10.1.1.254 UGHW 1 1518 en1 1500 - -
gtt0011n0463.cre 10.1.1.254 UGHW 1 459 en1 1500 - -
gtp0011d0823.cre 10.1.1.254 UGHW 2 463 en1 1500 - -
gtt0011n0816.cre 10.1.1.254 UGHW 1 384 en1 1500 - -
gcga011d0450.cre 10.1.1.254 UGHW 1 527 en1 1500 - -
gtp0011d0807.cre 10.1.1.254 UGHW 1 3 en1 1500 - -
gies013d0852.cre 10.1.1.254 UGHW 2 90 en1 1500 - -
gioo025d0570.cre 10.1.1.254 UGHW 1 59 en1 1500 - -
gi0011n0272.cre. 10.1.1.254 UGHW 1 10 en1 1500 - -

We flushed the routing table and immediately the entries started to re-appear.

We haven't installed any new functionality lately, can you suggest any way in which we can investigate what could be causing this traffic?

Thanks in advance for your help.

Best regards,

Raul Giles
 
Sort by date Sort by votes
could you please paste the output of cltopinfo command?
 
Upvote 0 Downvote
try the following:

no -o directed_broadcast=0
This disables ICMP broadcast echo activity,which could well be the problem.

rgds,

R.
 
Upvote 0 Downvote
Hello,

This is the output of the cltopinfo command:

Cluster Description of Cluster: cl_cre
Cluster Security Level: Standard
There are 2 node(s) and 3 network(s) defined

NODE P650_C0:
Network net_ether_01
P650_C0 10.1.1.26
PBOOT_C0 10.1.1.90
PSTBY_C0 10.3.3.1
Network net_ether_02
PRIV_C0 9.1.0.3
Network net_rs232_01
P650_C0_tty2_01 /dev/tty2

NODE P650_C1:
Network net_ether_01
P650_C1 10.1.1.27
PBOOT_C1 10.1.1.91
PSTBY_C1 10.3.4.1
Network net_ether_02
PRIV_C1 9.1.0.4
Network net_rs232_01
P650_C1_tty2_01 /dev/tty2

Resource Group rsgsrv2
Behavior cascading
Participating Nodes P650_C1 P650_C0
Service IP Label P650_C1

Resource Group rsgconc
Behavior concurrent
Participating Nodes P650_C0 P650_C1

Resource Group rsgsrv1
Behavior cascading
Participating Nodes P650_C0 P650_C1
Service IP Label P650_C0





Best regards,

Raul Giles
 
Upvote 0 Downvote
Hello again,

We tried the no -o directed_broadcast=0
command, and then flushed the routing table, but it didn't solve the problem since new entries started to appear right away.

Can you suggest something else on those lines?

Thanks,

Raul Giles
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

trifo
  • Locked
  • Question
Setting up NIM for different networks
Replies
0
Views
211
trifo
trifo
yuvarakasil
  • Locked
  • Question
IBM Pureflex network connectivity issue
Replies
0
Views
143
yuvarakasil
yuvarakasil
pa2nc
  • Locked
  • Question
HMC using open Network
Replies
1
Views
123
itsp1965
itsp1965
amritjsr
  • Locked
  • Question
Script for real time network traffic per process
Replies
3
Views
192
KenCunningham
KenCunningham
alexia32
  • Locked
  • Question
help command network please !!!
Replies
3
Views
115
ProbablyDown
ProbablyDown

Part and Inventory Search

Sponsor

Back
Top