That
depends on your NIC speeds and the load on each subnet (between switches). It
is natural to get malformed packets when two NICs try to transmit at the same
time. At the “throughput limits” discussed below, you will usually
get about 10% malformed packets (at half the throughput, you get about half the
malformed packets, etc.).
10baseT
has a 75-80% throughput limit (8 Mb/s). A subnet running with a higher load gets
a lot of malformed packets. If you have any device on a subnet that requires
10baseT, the whole subnet runs as 10baseT. Using switches instead of hubs
should limit this effect and filter out malformed packets. On the other hand,
that means that you cannot easily see the malformed packets.
Higher
speed NICs should have a throughput limit closer to 90%.
This is
why companies spend the extra money to use switches instead of hubs where they
can. If you have a lot of hubs, as you expand the network (or replace
equipment), add more switches. They still have problems, but fewer. When you do
add switches, make sure your servers are on switches, not hubs and try to keep each
connection to the switch under 50% throughput (limits malformed packets to
under 10%).
If you are
well under the throughput limit and have more than 10% malformed packets, you
can assume that you have a bad piece of equipment.
I hope
this helps
Martin
Katz
From: wireshark-announce-bounces@xxxxxxxxxxxxx
[mailto:wireshark-announce-bounces@xxxxxxxxxxxxx] On Behalf Of Wireshark announcements
Sent: Monday, June 09, 2008 7:19
AM
To:
wireshark-announce@xxxxxxxxxxxxx
Subject: [Bulk]
[Wireshark-announce] What is a good average for malformed packets
Hello,
I’m
in the process of analyzing traffic from our network and I’m coming
across some malformed packets. Before I start going capture crazy.
What is a good (average) of malformed packets on a network?
-Albert
-
