Recommended Posts

hello all. i hope someone can help me with this.

at my we have a comcast business class router plugged into a linksys SRW248G4 switch.

everything runs fine for a while but at times during the day i am locked out of our comcast router.

we have had comcast come out and look at it many times. they have replaced the router 3 times.

comcast tells me that it must be the switch.

the problem is that when i log into the router. 192.168.1.1 i get an error message

Document Error: Data follows

Access Error: Data follows

Can't get memory

if i go and unplugg the router and plug it back in, than i can log into it.

so, is it possible that the linksys switch has something to do with this? i have not changed any settings. the switch is just plugged in right out of the box.

is there something i can change or try?

Link to comment
https://www.neowin.net/forum/topic/782048-router-problems-with-linksys-switch/
Share on other sites

"the switch is just plugged in right out of the box."

Thats a shame -- thats a $300 "managed" switch - why would you spend $300+ on managed switch if your just going to plug it in and not use any of its managed features??

It seems highly unlikely that switch could be causing any issues.. What router do you have? Does it have more than 1 lan interface? If so plug into the one its lan ports -- do you still have the problem? Then its not the switch.

Again -- its is VERY UNLIKELY that the switch would be causing you any issues -- especially if your not using any of its managed features, vlans, etc.

Well depends on what your doing - if your not using any vlans, or don't want to monitor any ports or setup aggregated connections between any other switches, or setup any type of ACLs or QoS then no.

But since your rebooting the router to fix the issue -- how does that point to the switch?

i don't know. i don't really think it does.

that's just what the tool at comcast was saying. he was trying to tell me that the switch is sending data back through the router. or some crap like that.

I didn't believe him but what was i going to say.

we have a static ip address and the switch is also set with a static address. if that means anything.

What router do you have? And how many users? Thats a 48 port switch -- do you have 48+ users?

If he is saying its sending crap to the router - its a managed switch, so you can take a look at the amount of traffic is being sent to the router (port router is connected too) and look at your other ports and see if its coming from one of your machines, etc.

What crap would it be sending that would crash the router? Internet Traffic ;) hehehe

If I had to take a wild ass guess, I would think your routers not able to support the amount of users you have, etc. Can you post the model number of your router.

But sure take a look on the switch to see how much traffic is being sent to the router -- you should also be able to setup a span or monitor port and watch all the traffic going to and from the router -- use your fav network analyzer -- say wireshark and see what could causing you problems.

Off the top -- the only thing I could think of that a managed switch would be sending to the router -- other than traffic the users are sending to the gateway would be spanning tree. You could always turn that off, or at least turn it off for that port connected to the router. You could also block IGMP (multicast) from going to the router, etc.

edit: hmmm other thing you could look at I guess would be the speed of the port connecting the switch to the router compared to your internet connection speed. Let say your wan side is 10mbit and your lan side is 100mbit -- with lots of users talking to the internet -- they could could just be overloading the router. Not much point to talking to the router at 100, if its wan is only 10, so you could adjust that.

Again these are just wild ass guesses.. If they are saying its the switch -- have them tell you what its doing that the router does not like ;)

Edited by BudMan

I had a similar issue at one of my clients. It ended up being a spywared up computer that was sending a ton of traffic to the pos crapcast modem. crapcast blamed it on everything under the sun. Unfortunatly I couldn't properly troubleshoot it being that the users laptop was never there when I was and everything was working properly. They (crapcast) were called out and they (crapcast) found the issue.

the router is....

Comcast business IP Gateway. model # SMC8014

we have about 25 to 30 users. most of the computers are just time clock in machines. they are on the internet but not much goes on with them. and i clean them from spyware if any whenever i can.

i have to say that i don't really know how to monitor the traffic on specific ports. i am not familiar with managed switches.

we have a bunch of dell machines. a lot of them have gigabyte nics in them. some also have 10/100 nics.

if you have a small hub and/or switch put it between your modem and your switch. hook up a computer/laptop to monitor traffic between the two. what ever is sending the most traffic to the modem disconnect it and see if the issue goes away, if it does look at the logs and see what it is connecting to and clean it up if they are malware related sites.

http://www.wireshark.org

  sc302 said:
if you have a small hub and/or switch put it between your modem and your switch. hook up a computer/laptop to monitor traffic between the two. what ever is sending the most traffic to the modem disconnect it and see if the issue goes away, if it does look at the logs and see what it is connecting to and clean it up if they are malware related sites.

http://www.wireshark.org

Just a note on this, this will only work if its a hub. Unless you configure a managed switch to forward a copy of all traffic out a specific switchport (the one your laptop is connected too)

  sc302 said:
works with unmanaged switches and out of the box managed switches. this would hold true for vlan'd switches, or switches that have been locked down only allowing certain traffic to pass between ports.

I could be wrong on this, and Budman can correct me. But it has always been my understanding and I have always been taught that a switch even a dumb switch forwards traffic out the appropriate port only (based on the dest MAC address that the switch learns). However a hub will broadcast traffic out all ports regardless of destination.

look at your endpoints. see who is transmiting the most. look at your conversations see who is communicating to what.

  Sophism said:
I could be wrong on this, and Budman can correct me. But it has always been my understanding and I have always been taught that a switch even a dumb switch forwards traffic out the appropriate port only (based on the dest MAC address that the switch learns). However a hub will broadcast traffic out all ports regardless of destination.

you are absolutly right.

doubtful doubter, why don't you try wireshark and see what spits out.

  sc302 said:
look at your endpoints. see who is transmiting the most. look at your conversations see who is communicating to what.

you are absolutly right.

doubtful doubter, why don't you try wireshark and see what spits out.

With a switch, unless it is configured otherwise, you should only be seeing the traffic destined for the client that is running wireshark itself.

  Sophism said:
With a switch, unless it is configured otherwise, you should only be seeing the traffic destined for the client that is running wireshark itself.

extremely untrue. again, it is simple to see for yourself so why don't you.

  AOXOMOXOA said:
well just to check it out i installed wireshark on my machine. it is running and putting up all kinds of data. but i don't know how to read this or what i'm even looking for.

i am running wireshark.. but i don't know what it is telling me.

i just got this

wirelog.jpg

  sc302 said:
extremely untrue. again, it is simple to see for yourself so why don't you.

I did, and I see traffic destined for my machine only.

Here is a description of methods for capturing traffic from machines other then your own.

http://wiki.wireshark.org/CaptureSetup/Eth...65ffc8160f6f3a6

As for reading the output of wireshark...

http://openmaniak.com/wireshark.php

Another really good link:

users.rowan.edu/~shetty/classes/ece402/tutorial/Wireshark-Tutorial.pdf

Edited by Sophism

"Switched Networks

A switched network is also a good deterrent. In the non-switched environment, packets are visible to every node on the network, in a switched environment, packets are only delivered to the target address. While more expensive than hubs, the cost of switches have fallen over time, bringing them within reach of most budgets. Unlike hubs, switches only send frames to the designated recipient; therefore a NIC in promiscuous mode on a switched network will not capture every piece of local traffic. But programs such as dsniff, allow an attacker to monitor a switched network with a technique known as arp-spoofing. Although it uses different methods, arp-spoofing can provide results similar to sniffing, i.e. compromised data. Is there anything that can truly protect your data once it reaches the network?"

Edited by sc302

This is just a guess, but I am thinking that your router cannot handle the traffic that is comming from your network.

What kind of connection do you have?

WHen you did that wireshark capture... Did you place a hub between the router and the switch and then plug your computer into that hub? How long did that capture run before you ran into issues.

  sc302 said:
Switched Networks

A switched network is also a good deterrent. In the non-switched environment, packets are visible to every node on the network, in a switched environment, packets are only delivered to the target address. While more expensive than hubs, the cost of switches have fallen over time, bringing them within reach of most budgets. Unlike hubs, switches only send frames to the designated recipient; therefore a NIC in promiscuous mode on a switched network will not capture every piece of local traffic. But programs such as dsniff, allow an attacker to monitor a switched network with a technique known as arp-spoofing. Although it uses different methods, arp-spoofing can provide results similar to sniffing, i.e. compromised data. Is there anything that can truly protect your data once it reaches the network?

If the switched is configured in a way that blocks arp spoofing and broadcast traffic being sent to other ports then you are absolutly right.

Of course, you can also do MAC flooding as well. But both subjects our probably outside the scope of this user, therefor, recommending him to use a switch is a bad idea because he would run into issues. If your switches are spamming traffic (including unicast which is what we are most interested in) then you have some serious configuration/security issues on your network.

I dont know how his network is configured but most likely he is going to be receiving broadcast traffic anyway. Unicast is what you would want to look at.

  Sophism said:
This is just a guess, but I am thinking that your router cannot handle the traffic that is comming from your network.

What kind of connection do you have?

WHen you did that wireshark capture... Did you place a hub between the router and the switch and then plug your computer into that hub? How long did that capture run before you ran into issues.

no hub. i just ran it from my machine. my machine plugs in to the router and not the switch.

My vote is on a crappy router although I would wait on a second opinion from budman.

FYI looking at that screenshot you have users on your network who are downloading with Bittorrent. Probably a good idea to squash that if its not being used for legal purposes.

from that picture i would look at x.200. I would recommend getting a $10 hub and put it in between. it seems that you are getting a lot of data to that modem in a short amount of time, overloading it.

save a log, zip it, post it and lets see what we can help with.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • With laws changing, they (tech companies) may need to pivot fast to ID checking. They don’t want to hold that info due to accountability, penalties for data breaches. It also helps if they can comply but not know who when law comes asking.
    • Gemini to access WhatsApp, messages, and calls on Android devices by July 7 by Paul Hill Google has emailed some users of its Gemini AI to inform them of a new change coming into force on July 7, 2025, that will allow Gemini to integrate with Android apps like WhatsApp, Messages, and Phone, Tuta has learned. The change will apply to users whether or not they have disabled Gemini Apps Activity in their settings. For users who decide to keep this feature enabled, it will mean that Gemini can perform tasks like sending messages or making calls using these apps. The associated help page seems to be already live, and it outlines how to use the feature, plus what Gemini cannot do with WhatsApp if you have the two connected. Google says Gemini won’t be able to read or summarize your WhatsApp messages; add or read images, GIFs, or memes in your messages; add or play audio or videos in your messages; or read or respond to WhatsApp notifications. A bit worryingly, Google follows up right after saying, “The Gemini mobile app may support some of these actions with help from Google Assistant or the Utilities app, even with WhatsApp disabled in Gemini.” According to Tuta, you can limit Gemini’s access on your device by going to the Gemini app > Profile > Apps > Toggle off individual app extensions. You can also switch off Gemini Apps Activity by going to Gemini > Profile > Gemini Apps Activity > Turn off, but this may not be enough to prevent access to your WhatsApp after the update. Even with Gemini App Activity switched off, Google may store your activity for 72 hours for security, safety, and user feedback. This update by Google reflects a larger trend among big tech companies quietly changing their terms and opting users into new features automatically. Most recently, Meta rolled out its Meta AI in WhatsApp without a way to switch it off. When Google does roll out the feature to Gemini, most people probably won’t realize the change occurred unless Google throws a big message up in Gemini. Even if Google does do that, disabling access to WhatsApp seems a bit confusing.
    • But you will need to detail what VPN it is - not just "I have a VPN" - help people help you!
    • GeForce NOW gains support for 21 games in July, including Killing Floor 3 and Schedule I by Pulasthi Ariyasinghe Just as we start off a new month, Nvidia has a fresh GeForce NOW announcement for subscribers. The newly published blog post by the company details 21 games that are gaining support for the cloud gaming service in July, with some highlights including Killing Floor 3, Little Nightmares II, Schedule I, RoboCop: Rogue City – Unfinished Business, and more. Just this week alone, Nvidia is adding support for the following seven games for GeForce NOW subscribers: Little Nightmares II (New release on Xbox, available on PC Game Pass, July 1) Figment (New release on Epic Games Store, free, July 3) Path of Exile 2 (Kakao Games) Clicker Heroes (Steam) Fabledom (Steam) Rogue: Genesia (Steam) Schedule I (Steam) Nvidia also has plans to add a bunch more games during the rest of the month, which is when most of the biggest new releases are coming: The Ascent (New release on Xbox, PC Game Pass, July 8) Every Day We Fight (New release on Steam, July 10) Mycopunk (New release on Steam, July 10) Brickadia (New release on Steam, July 11) HUNTER×HUNTER NEN×IMPACT (New release on Steam, July 15) Stronghold Crusader: Definitive Edition (New release on Steam, July 15) DREADZONE (New release on Steam, July 17) The Drifter (New release on Steam, July 17) He Is Coming (New release on Steam, July 17) Killing Floor 3 (New release on Steam, July 24) RoboCop: Rogue City – Unfinished Business (New release on Steam, July 17) Wildgate (New release on Steam, July 22) Wuchang: Fallen Feathers (New release on Steam and Epic Games Store, July 23) Battle Brothers (Steam) The company tends to add many more games to its cloud gaming service outside of these early announcements, so check back as weeks go by to see what's new. As always, though, keep in mind that, unlike subscription services like Game Pass, a copy of a game must be owned by the GeForce NOW member (or at least have a license via PC Game Pass) to start playing via Nvidia's cloud servers.
    • The TLDR - It's generally leveraging blockchain/cryptography and math-based proofs. The goal is information can't be stolen because it was never shared - other than what it is you had to prove (you're over 18, 21, or whatever). It still requires that some type of service stores that information in a manner that's secure, but the end goal is you don't have to share that information elsewhere if not necessary. In this instance, government/state issued IDs could leverage these services - and when you go to use any other public or private service you only need to validate what they need to know. It's like handing over a redacted ID except for your birthdate - except in this case it's even better because it doesn't even share that - it could in this case just share "Yes" - you meet the requirements.
  • Recent Achievements

    • Week One Done
      Devesh Beri earned a badge
      Week One Done
    • Week One Done
      956400 earned a badge
      Week One Done
    • First Post
      loose_observer earned a badge
      First Post
    • Week One Done
      BeeJay_Balu earned a badge
      Week One Done
    • Week One Done
      filminutz earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      448
    2. 2
      ATLien_0
      158
    3. 3
      +FloatingFatMan
      151
    4. 4
      Nick H.
      65
    5. 5
      +thexfile
      62
  • Tell a friend

    Love Neowin? Tell a friend!