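This is a fairly typical case in which the PCs across an internal network are infected. Once infected, they send packets to the external network continuously, until the router's LAN port is saturated.

Symptoms: CPU above 90%; severe packet loss when pinging the LAN gateway; all four front-panel LEDs (Busy, Saturated, Normal, Idle) lit.

Log in over the console cable and collect information. For how to collect it, see the following link:
http://support.ruijie.com.cn/showtopic-19267.aspx

How do you use the collected information to find which PC's excessive upstream traffic is driving the router CPU high? Generally only three things need to be checked: the LAN interface, the transmit traffic of the WAN interface, and the upstream and downstream traffic of each PC.

Check whether the receive traffic of the LAN port, that is, the input traffic on interface G0/0, differs greatly from the output (transmit) traffic on interface G0/1. If they differ by more than 5M, look further for the PC whose high upstream traffic makes these two values differ by more than 5M.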

Command to view each PC's upstream and downstream traffic: sh ip f o all. The output has five columns:
Column 1: IP;
Column 2: upstream traffic after the router's rate limiting;
Column 3: downstream traffic after the router's rate limiting;
Column 4: upstream traffic the PC actually requests;
Column 5: downstream traffic the PC actually requests.
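
Look at the information below, collected from a customer: the input traffic on LAN interface G0/0 is about 86M, while the output traffic on G0/1 is only 17M. From these figures we can tell that PCs on the internal network are carrying out an upstream traffic attack.
Next we find which PCs have the excessive upstream traffic. sh ip f o all shows that many PCs in column 4 need very high upstream bandwidth. After those PCs were shut down, the network returned to normal.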

NBR2000#sh int
========================== FastEthernet 0/2 ========================
FastEthernet 0/2 is DOWN , line protocol is DOWN
Hardware is PQ3 FCC FAST ETHERNET CONTROLLER FastEthernet, address is 001a.a941.f512 (bia 001a.a941.f512)
Interface address is: no ip address
ARP type: ARPA,ARP Timeout: 3600 seconds
 MTU 1500 bytes, BW 100000 Kbit
 Encapsulation protocol is Ethernet-II, loopback not set
 Keepalive interval is 10 sec , set
 Carrier delay is 2 sec
 RXload is 1 ,Txload is 1
 Queueing strategy: FIFO
 Output queue 0/40, 0 drops;
 Input queue 0/75, 0 drops
 5 seconds input rate 0 bits/sec, 0 packets/sec
 5 seconds output rate 0 bits/sec, 0 packets/sec
 0 packets input, 0 bytes, 0 res lack, 0 no buffer,0 dropped
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
 0 packets output, 0 bytes, 0 underruns,0 dropped
 0 output errors, 0 collisions, 0 interface resets
========================== Null 0 ========================
Null 0 is UP , line protocol is UP
Hardware is Null
Interface address is: no ip address
 MTU 1500 bytes, BW 8000000 Kbit
 Encapsulation protocol is NULL, loopback not set
 Keepalive interval is 0 sec , no set
 Carrier delay is 2 sec
 RXload is 1 ,Txload is 1
 Queueing strategy: FIFO
 Output queue 0/40, 0 drops;
 Input queue 0/75, 0 drops
 5 seconds input rate 0 bits/sec, 0 packets/sec
 5 seconds output rate 0 bits/sec, 0 packets/sec
 0 packets input, 0 bytes, 0 res lack, 0 no buffer,0 dropped
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
 0 packets output, 0 bytes, 0 underruns,0 dropped
 0 output errors, 0 collisions, 0 interface resets
========================== GigabitEthernet 0/0 ========================
GigabitEthernet 0/0 is UP , line protocol is UP
Hardware is PQ3 TSEC GIGABIT ETHERNET CONTR GigabitEthernet, address is 001a.a941.f510 (bia 001a.a941.f510)
Interface address is: 192.168.1.1/24
ARP type: ARPA,ARP Timeout: 3600 seconds
 MTU 1500 bytes, BW 50000 Kbit
 Encapsulation protocol is Ethernet-II, loopback not set
 Keepalive interval is 10 sec , set
 Carrier delay is 2 sec
 RXload is 261 ,Txload is 1
 Queueing strategy: FIFO
 Output queue 0/40, 0 drops;
 Input queue 0/75, 0 drops
 5 seconds input rate 864643768 bits/sec, 101582 packets/sec
 5 seconds output rate 1455736 bits/sec, 269 packets/sec
 128102811 packets input, 3028722988 bytes, 5 res lack, 0 no buffer,0 dropped
 Received 3534 broadcasts, 0 runts, 0 giants
 5 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
 505431 packets output, 375864815 bytes, 0 underruns,0 dropped
 0 output errors, 0 collisions, 0 interface resets
 Link Mode: 1000M/Full-Duplex
 Output flowcontrol is off;Input flowcontrol is off.
========================== GigabitEthernet 0/1 ========================
GigabitEthernet 0/1 is UP , line protocol is UP
Hardware is PQ3 TSEC GIGABIT ETHERNET CONTR GigabitEthernet, address is 001a.a941.f511 (bia 001a.a941.f511)
Interface address is: 222.77.33.2/30
ARP type: ARPA,ARP Timeout: 3600 seconds
 MTU 1500 bytes, BW 1000000 Kbit
 Encapsulation protocol is Ethernet-II, loopback not set
 Keepalive interval is 10 sec , set
 Carrier delay is 2 sec
 RXload is 1 ,Txload is 1
 Queueing strategy: FIFO
 Output queue 0/40, 0 drops;
 Input queue 0/75, 0 drops
 5 seconds input rate 1727584 bits/sec, 252 packets/sec
 5 seconds output rate 1700152 bits/sec, 362 packets/sec
 469021 packets input, 425669196 bytes, 0 res lack, 0 no buffer,0 dropped
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
 603586 packets output, 311332012 bytes, 0 underruns,0 dropped
 0 output errors, 0 collisions, 0 interface resets
 Link Mode: 100M/Full-Duplex
 Output flowcontrol is off;Input flowcontrol is off.
NBR2000#

NBR2000#sh ip f o all
Inner Network Online User:15
Total inbound original flowrate:888133 Kbps, Inner Network after rate-limit:1947 Kbps
Total outbound original flowrate:1613 Kbps, Inner Network after rate-limit:1403 Kbps
IP               Inbound(kb/s)  Outbound(kb/s)  Receive_IN(kb/s)  Receive_OUT(kb/s)
Total            1947           1403            888133            1613
===================================================================================
To-Router-Local  9              3
192.168.1.8      246            999             246               1087
192.168.1.4      99             400             109               519
192.168.1.123    199            2               59759             2
192.168.1.17     200            1               58080             1
192.168.1.70     201            1               63442             1
192.168.1.10     0              0               0                 0
192.168.1.6      0              0               0                 0
192.168.1.88     201            0               66300             0
192.168.1.62     201            0               228724            0
192.168.1.45     201            0               118725            0
192.168.1.5      0              0               0                 0
192.168.1.21     200            0               223287            0
192.168.1.7      0              0               0                 0
192.168.1.9      0              0               0                 0
192.168.1.89     199            0               69452             0
NBR2000#
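
The column-4 check described above can be scripted when the table is long. The following is an added example, not part of the original article or of any Ruijie tooling: it parses saved `sh ip f o all` output and lists hosts whose requested upstream rate (column 4) is far above what the rate limiter passes (column 2). The sample rows are a subset copied from the capture above; the dictionary keys and the two thresholds (5000 kb/s and a 10x ratio) are assumptions chosen for illustration.

```python
import re

# Subset of rows copied from the `sh ip f o all` capture on this page.
SAMPLE = """\
IP Inbound(kb/s) Outbound(kb/s) Receive_IN(kb/s) Receive_OUT(kb/s)
Total 1947 1403 888133 1613
To-Router-Local 9 3
192.168.1.8 246 999 246 1087
192.168.1.4 99 400 109 519
192.168.1.123 199 2 59759 2
192.168.1.17 200 1 58080 1
192.168.1.70 201 1 63442 1
192.168.1.10 0 0 0 0
192.168.1.88 201 0 66300 0
192.168.1.62 201 0 228724 0
192.168.1.45 201 0 118725 0
192.168.1.21 200 0 223287 0
192.168.1.89 199 0 69452 0
"""

# A host row is an IPv4 address followed by exactly four integer columns.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_hosts(text):
    """Return one dict per host row; header, Total and To-Router-Local rows are skipped."""
    hosts = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, lim_up, lim_down, real_up, real_down = m.groups()
            hosts.append({"ip": ip, "limited_up": int(lim_up), "limited_down": int(lim_down),
                          "real_up": int(real_up), "real_down": int(real_down)})
    return hosts

def suspect_hosts(hosts, min_real_up_kbps=5000, min_ratio=10):
    """Hosts whose column 4 is large and far above column 2 (thresholds are assumptions)."""
    flagged = [h for h in hosts
               if h["real_up"] >= min_real_up_kbps
               and h["real_up"] >= min_ratio * max(h["limited_up"], 1)]
    return sorted(flagged, key=lambda h: h["real_up"], reverse=True)

if __name__ == "__main__":
    for h in suspect_hosts(parse_hosts(SAMPLE)):
        print(f'{h["ip"]:<16} real_up={h["real_up"]} kb/s  limited_up={h["limited_up"]} kb/s')
```

Hosts with normal traffic, such as 192.168.1.8 and 192.168.1.4 in the capture, are not flagged because their column-4 values match what the limiter lets through.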