NetFlow and High CPU

Garoun11 · August 18, 2018, 8:32am

Hello

I have a pc in my LAN generating lots of packet to the broadcast IP address of my network as well as the 255.255.255.255 IP .

I used netflow in the router and from the show ip route cache flow command

I can see that the traffic has destination interface Null and sends around 20k packets .

For example

Source interface gig0/0

Ip 192.168.1.33

Destination interface **Null**

**Destination ip 192.168.1.255**

**Destination ip 255.255.255.255**

**Pro 11**

This behavior has caused my cpu to reach 80-90% .

Can I have some help if t this is something relative to the user or misconfig to the router interface ?

Thanks
Kostas

lagapidis · August 18, 2018, 3:22pm

Hello Kostas

First of all, you should verify the source of the traffic. Disconnect the suspect PC and see the results in the traffic on your network. Check to see CPU usage has indeed gone down (I assume the CPU usage you’re talking about is in the switch or router processing the broadcasts). If broadcasts continue and CPU usage is still high, then you have to find the real source of the problem.

If it is indeed the suspect PC, make sure you examine the PC and run any anti-malware and antivirus software you can think of. Make sure that the PC gets cleaned up before placing it on the network once again.

Once that’s done and you reconnect it, keep an eye out for the next couple of days of any excess broadcast traffic you may see on the network.

I hope this has been helpful!

Laz

ziyad.barqawi · August 24, 2018, 9:01pm

-Trace the source ip and check the PC
-run show proc cpu sort and see the highest process during the issue
-check the ios running and check for any known bug it might be a netflow bug issue
-span the traffic and trace the source and dest packets.