Ken Roach
Lifetime Supporting Member + Moderator
I hope that there might be some Ethernet and TCP/IP experts here on the Forum who can give me some advice.
I was recently troubleshooting a telemetry network that uses GE MDS iNET 900 spread-spectrum radios, and one of my troubleshooting steps was to plug in Wireshark to the Ethernet port of a "spare" radio to listen to any broadcast/multicast traffic that might be on the network.
It didn't surprise me to see some broadcast and multicast packets; the usual N-Tron and Cisco management packets, ARP broadcasts, IGMP Group messages, etc. This accounted for only about 25 packets per second, so I don't think this is a big deal.
What surprised me is when I sorted the traffic by protocol and found a handful of TCP frames that were not addressed to the radio I was analyzing or to the PC I was connected with.
There are 51 total hosts on the network, attached to six different switches around the facility. A couple of the switches are managed (Cisco and N-Tron) but none of them are configured, as far as I know.
The Access Point radio is 192.168.0.53.
My spare radio is 192.168.0.113.
But I saw TCP packets that were addressed to 192.168.0.1, 2, 3, 13, 14, 15, 16, 17, and 18, which came from three different sources (192.168.0.54, .60, and .150).
All of those nodes except one (.150) are hardwired to the network; they are not connected to a radiomodem.
There were no complete conversations or pairs of packets that appeared to be replies to one another. There were some flagged as TCP Retransmissions and a lot flagged as "previous segment lost" (no surprise).
The way I understand Layer 2 Ethernet switches, this should not be possible. The traffic has to get to the Access Point radio in the first place, and it shouldn't because all these devices are hardwired to the network, not part of the radio system.
And even if the Access Point were connected to an Ethernet Hub, then it should not send out every packet it gets, but rather only packets addressed to the remote radios and devices connected to the remote radio Ethernet nodes. If the Access Point sent out all traffic that arrived at its Ethernet port, then I'd see a lot more than these random frames.
Any ideas about what might be happening? Any MDS iNET 900 users out there who have seen something similar?