Troubleshooting Loops: IPv4 ID/TTL and Addressing Notes

Before I start, let the first cover a very common question I get asked. I will not be providing vendor-specific information on this troubleshooting example. Nor will I be sharing the trace file.

The goal of this article and video is to introduce you to the methodology, tips and tricks, and other things that you may not have thought of when you perform protocol analysis.

On to the problem; I covered a little bit about this in previous articles when I was talking about making a larger trace file manageable.

The client is complaining that the network has performance brownouts and wireless clients tend to get dropped off. So, I asked them to connect his computer to any port on that same VLAN, start a capture for a few minutes and then stop it, and send it to me. I then filtered the capture device’s traffic out and will go through the remaining packets and this exercise.

In the video, you will see how I leverage the IP identifier, time to live, and MAC addresses to determine what is happening. When I present or teach, I stress the goal of troubleshooting is to either prove what the issue is NOT or to figure out where your test point is with the final target being identifying the root cause.

Spoiler alert, the high packet rate of small broadcast packets is causing the problem.