Our network is being flooded by these types of packets. I have searched for 00:00:00:00:00:00 mac on all the switches to see if there was a single or multiple devices causing this issue. I believe it is a similar issue to the one below. Anyone have any suggestions of where to start?
We got the traffic to stop for now by replacing the switch that seemed to be causing the most issues. I do not have much confidence that this will solve our problem long term, but I'm hopeful. I will update if things change.
I'd suggest starting with what the answer to the old question says. An OUI of 00:00:00 is assigned to Xerox; that either means 1) there's Xerox hardware that uses it or 2) it's assigned to Xerox, the original inventors of Ethernet, to keep it permanently reserved. If you don't have any Xerox equipment on your network, those packets are probably coming from a device that's putting bad packets on the network.
We got the traffic to stop for now by replacing the switch that seemed to be causing the most issues. I looked for any all-zero mac addresses already and couldn't find anything in any of the mac tables as the previous article suggested.
@Avaorgoune can you provide as a trace withe this packet?
Below is a short snippet of the millions of captured packets:
+---------+---------------+----------+ 16:50:05,100,941 ETHER |0 |00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|06|09|00|01|56|00|0e|00|22|00|2a|00|00|ff|ff|fe|ba|01|45|00|07|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00 ...
Comments
"I have searched for 00:00:00:00:00:00 mac on all the switches...", but did you find any?
No, I did not find anything in any of the mac tables.
With what kind of capture tool, did you take the trace?
Wireshark. Or are you asking what type of a device I used?