I've got several L2TP tunnels hitting a Cisco 7201 and am trying to
use Wireshark to determine what inside my tunnel is responsible for queue
drops on one of the interfaces responsible for the L2TP termination. I
inserted a Wireshark laptop in a hub between the LAC and the LNS, and
I got a good 24-hour sniff of L2TP traffic.
(A broadcast filter is on the router, so I know this has to be unicast
garbage flooding my L2TP tunnels. I suspect it is unknown unicast
flooding, but to make my case for a good carrier grade switch that
supports the UUFB feature, I need to make a good case.)
I'm relatively new to Wireshark and could use some suggestions on how
to determine what is responsible for the traffic spikes in the IO
graph. I sorted the traffic by protocol hierarchy and found 99% of it
inside the Ethernet / IP section is TCP, so I know that it's
application level traffic. I'm hoping to narrow this down a bit more
and find the smoking gun.
Any ideas where to start? I feel like I'm poking around here and
could use any pointers or suggestions others might have.
--
Also on LinkedIn? Feel free to connect if you too are an open
networker: scubacuda@xxxxxxxxx