Solved

Excessive connections on systems fill Sonicwall Cache of 4096.

Posted on 2004-08-10
Last Modified: 2012-05-05
I have been having problems with our system. We thought it was just a Backdoor trojan...but we have isolated all of the machines and thoroughly cleaned them. But I am still getting heavy utilization on our system which makes it excessively slow and sporadically decline connections because it exceeds the 4096. I have 15 servers and about 50 client PCs. I have shut down the VPN to prevent machines not yet cleaned from accessing the system. I do not have a clue which direction to turn at this point. I am running McAfee AV on all the machines. Any help would be great. I am looking into a Fluke One Touch tool to possibly help, but justifying the cost to management is always a challenge. Thank you in advance for your assistance.
Question by:sissyl
5 Comments
 

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11766136

Look at something called http://www.ethereal.com.  It can capture network traffic and identify where it originates.

I'm assuming you're on Windows.

Expert Comment

by:oxymoronx
ID: 11766141
Check your outbound port connections on the firewall and isolate which doors the traffic is attempting to get out of. I'd run a PC analyzer on every PC to determine exactly what is running. Remember that McAfee won't pick up adware, spyware, and peer-to-peer applications. Find out what everyone is doing at the local PC level. Is someone running a game server you're not aware of? Peer-to-peer applications can do the same thing, and a simple host file will direct the P2P client to any port available for outgoing traffic.

Just a couple of thoughts.

Expert Comment

by:Marakush
ID: 11766391
I would tend to agree with adamdrayer: run Ethereal for about 1 hour or set the packet capture for like 10 meg. It will show where the greatest amount of traffic is coming from without having to go to each PC and test it.


Marakush

Expert Comment

by:ngravatt
ID: 11767145
You could also use a HUB to sniff the network traffic. When we have these problems, instead of installing the Ethereal software on the target PC, we have already installed it on a laptop. We take the network cable out of the target PC, plug it into the uplink port of the HUB, and then plug a cable from the hub to the PC. Also, the laptop is plugged into the hub. Since a HUB broadcasts all packets to every port, you can see all the traffic going to and from the PC on the laptop (which is running Ethereal).

Expert Comment

by:tropsmr2
ID: 11769390
To add to the rest:

You MUST use a hub if your Ethereal trace is to be successful.  The NETGEAR DS104 is a good choice as it supports both 10 and 100 (must make sure that the sniffer selects the same speed as whatever you are sniffing).

On a heavily loaded network, it should only take a minute or two of Ethereal trace to determine the problem.

Beware of the SASSER worm as it will quickly load a net as it searches for victim machines.
Post the trace and let's see what we come up with....

0
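One way to do the triage the answers describe once a trace exists, as an added example that is not part of the thread: rank internal hosts by distinct connections and show how much of the 4096-entry connection cache each would occupy. It assumes the capture has been exported to text rows of `src sport dst dport proto`; that row format, the function names and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

CACHE_LIMIT = 4096  # connection cache size quoted in the question


def parse_flows(text):
    """Yield (src, sport, dst, dport, proto) from 'src sport dst dport proto' rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[1].isdigit() and parts[3].isdigit()):
            continue  # skip blank lines, header lines and malformed rows
        src, sport, dst, dport, proto = parts
        yield src, int(sport), dst, int(dport), proto.lower()


def rank_sources(text, limit=CACHE_LIMIT):
    """Rank sources by distinct connections; repeated packets of one flow count once."""
    flows = defaultdict(set)
    for src, sport, dst, dport, proto in parse_flows(text):
        flows[src].add((sport, dst, dport, proto))
    report = []
    for src, conns in flows.items():
        per_port = defaultdict(set)  # destination port -> distinct destinations
        for _, dst, dport, _ in conns:
            per_port[dport].add(dst)
        # Widest fan-out; ties go to the lower port number.
        top_port, dsts = max(per_port.items(), key=lambda kv: (len(kv[1]), -kv[0]))
        report.append({"src": src, "connections": len(conns),
                       "share_of_cache": len(conns) / limit,
                       "top_port": top_port, "distinct_dsts": len(dsts)})
    report.sort(key=lambda r: (-r["connections"], r["src"]))
    return report


def build_sample():
    """Constructed sample rows (documentation addresses), not a real trace."""
    rows = ["# src sport dst dport proto"]
    # Ordinary client: three connections, one of them seen in two packets.
    rows += ["192.0.2.10 50001 198.51.100.5 80 tcp"] * 2
    rows += ["192.0.2.10 50002 198.51.100.5 80 tcp",
             "192.0.2.10 50003 198.51.100.6 443 tcp"]
    # One connection to each of 200 addresses on a single port: the fan-out
    # a worm searching for victim machines produces.
    rows += [f"192.0.2.77 {40000 + i} 203.0.113.{i + 1} 445 tcp" for i in range(200)]
    return "\n".join(rows)


if __name__ == "__main__":
    for r in rank_sources(build_sample()):
        print(f"{r['src']:<12} {r['connections']:>5} conns {r['share_of_cache']:6.1%} "
              f"of cache, port {r['top_port']} -> {r['distinct_dsts']} destinations")
```

A host near the top with one port and a large count of distinct destinations is the first machine to pull off the network and inspect.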
