At work I have to use smb to access all kind of data: source directories, project files, internal data and such. I use smb4k as friendly smb browser and am very happy with it. Until tuesday: Saving a php file with some 1000 LOC took 5 seconds, extracting a 37MiB bz2 file felt as it would never end (but finally did after 20 minutes). Further, I wanted to share some 2GiB data with a colleague via ftp. We had 35kib/s transfer rate!
35 is very low when used to 10MiB/s, but this day I had no time to investigate. On wednesday, network felt even slower than the day before. (I've gotta say that http traffic was fast as ever). What could it be? I fired up etherape and got a shock - I had connections to 300+ machines! The thoughts I had can be best described with "Oh my, I am master of a bot net! On my unix machine!".
After examining the graph in detail I noticed that my laptop did not have this connections alone - I saw all the traffic in the network, including my boss's yahoo messenger traffic... All this although our company network is a switched network, and I had a switch in my room the laptop was behind.
Looking at the switch in my room I saw it was some dumb hub that forwards all packages to all computers connected to it. That was a first point, but still did not explain why the main HP switch did act as a hub. Now I got a switch from the server room, replaced the hub and etherape did show just the three connections that were really coming from my machine. smb was fast! ftp was fast! What a relief, being able to work normally again.
The HP switch is still a mystery for us; it might act as a hub because it is configured to put some ports in a virtual network. Although there is one idea that also could be true: Maybe the network cable in my room shares the same port as the black box of Germany's secret service BND that is probably somewhere in our server room...