Hello,
Wondering if anyone might have an idea or suggestion here.
Lately we’ve started seeing a large amount of flooding on our network which lasts usually about 1-5 minutes and happens randomly, sometimes every few minutes or hours.
When I packet sniff the network I see that it’s not always the same IP source or destination when the flooding is happening. What I see in the logs are large amounts of TCP DUP ACK packets going from some IP to another IP (this pair of IPs doesn’t change throughout a single flood).
I am totally out of ideas on this one.
Thanks for any suggestions.