RB532 mystery UDP Packets

maxxgraphix · January 7, 2008, 3:02pm

I have a 2 year old that never worked right the day it was installed. It has 32mb ram, running at 264 with RouterOS 2.95 Level 5. I had to replace the unit to keep the network up.
POE 48V power and nothing else installed.
Formated the nand, reloaded the OS and reflashed the BIOS.

Anyway it will run, but it has a UDP packet from to 0.0.0.0 on ether1 that eats bandwidth since it repeats over and over. If you disable eth1 and use eth2 the packet moves to that port. It uses about 40kbps.

The packet originates in the router and can be viewed with tourch or the packet sniffer. It does nothing but screw up the network. It even overloaded a 10/100 switch and brought the network down. I’ve seen it use as much 100% cpu and 80mbp after it runs for a week.

After a fresh OS load and reset it’s now at 40kbps.

I guess my question is, is this board just fried? Or can it be fixed?

Gerard · January 7, 2008, 6:56pm

Port 20561 is for MAC Winbox.

Can you post more info about your network. I suspect you may have a bridge loop that is causing the broadcast packets to be amplified.

-Gerard

maxxgraphix · January 7, 2008, 10:37pm

There’s not much here in this test network. Just a few Windows machines in a Peer2Peer, 1 8 port 10/100 unmanaged switch, 1 linux web server, 1 Dlink Router with wireless running DHCP.

The RB532 will do this even when nothing else is plugged in to the switch. The amber traffic light just blinks away.

Diganet · January 7, 2008, 10:56pm

Why dont you sniff the packets and look what’s inside?

/Henrik

maxxgraphix · January 8, 2008, 12:16am

It’s just junk going no where. I replaced the unit since it wouldn’t perform in the field. I was just hoping to fix it.

Gerard · January 8, 2008, 2:14am

How do you connect to your Mikrotik? Through an IP or through the MAC address? It doesn’t make any sense for the Mikrotik to be generating packets like that. Maybe when the Mikrotik guys get online they’ll have a better answer..

If you’re not using MAC winbox you can make a firewall rule to drop the packets..

-Gerard

maxxgraphix · January 8, 2008, 3:25am

I was trying to use a rule to drop them. But it seemed to ignore the rule.
I’ll set it up as a simple AP here in my shop to see what happens. I’ve been wanting to dump that crappy Dlink and use this as our broadband firewall / router.

Networking is not my main business. I do it on the side when I’m forced into it otherwise I try to stay away from the jobs.

Gerard · January 8, 2008, 3:55am

If you could get a sniff of the data while it is sending massive amounts of data that would help too. The sniff you posted just looks like normal mac winbox traffic so it doesn’t really tell me much..

-Gerard

maxxgraphix · January 8, 2008, 4:12pm

Here’s the packets I’m talking about. Protocol 34824 Size 46. Over and Over and Over.

Gerard · January 8, 2008, 5:10pm

oh, That is something completely different. I have no idea what that traffic is. I did a quick Google for that protocol number and didn’t see anything useful..

I doubt it is being generated by the Mikrotik though.

-Gerard

maxxgraphix · January 8, 2008, 9:04pm

I’m positive those packets are from the router. Even when isolated the traffic light will flash when connected into a switch with no other connections.

After the upgrades and BIOS reflash this is the best I’ve seen it behave. I’ll keep testing it. Maybe it won’t get worse and I can use it in my shop.