Solved

Excessive connections on systems fill Sonicwall Cache of 4096.

Posted on 2004-08-10
307 Views
Last Modified: 2012-05-05
I have been having problems with our system.  We thought it was just a Backdoor trojan...but we have isolated all of the machines and thoroughly cleaned them.  But I am still getting heavy utilization on our system, which makes it excessively slow and sporadically decline connections because it exceeds the 4096.  I have 15 servers and about 50 client PCs.  I have shut down the VPN to prevent machines not yet cleaned from accessing the system.  I do not have a clue which direction to turn at this point.  I am running McAfee AV on all the machines.  Any help would be great.  I am looking into a Fluke OneTouch tool to possibly help, but justifying the cost to management is always a challenge.  Thank you in advance for your assistance.
0
Question by:sissyl
5 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11766136

Look at something called http://www.ethereal.com.  It can capture network traffic and identify where it originates.

I'm assuming you're on Windows.
0
 
LVL 1

Expert Comment

by:oxymoronx
ID: 11766141
Check your outbound port connections on the firewall and isolate which doors the traffic is attempting to get out of.  I'd run a PC analyzer on every PC to determine exactly what is running.  Remember that McAfee won't pick up adware, spyware, and peer-to-peer applications.  Find out what everyone is doing at the local PC level.  Is someone running a game server you're not aware of?  Peer-to-peer applications can do the same thing, and a simple host file will direct the P2P client to any port available for outgoing traffic.

Just a couple of thoughts.
0
 
LVL 8

Expert Comment

by:Marakush
ID: 11766391
I would tend to agree with adamdrayer. Run Ethereal for about 1 hour or set the packet capture for something like 10 MB; it will show where the greatest amount of traffic is coming from without having to go to each PC and test it.


Marakush
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11767145
You could also use a HUB to sniff the network traffic.  When we have these problems, instead of installing the Ethereal software on the target PC, we have it already installed on a laptop.  We take the network cable out of the target PC, plug it into the uplink port of the HUB, and then plug a cable from the hub to the PC.  Also, the laptop is plugged into the hub.  Since a HUB broadcasts all packets to every port, you can see all the traffic going to and from the PC on the laptop (which is running Ethereal).
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11769390
To add to the rest:

You MUST use a hub if your Ethereal trace is to be successful.  The NETGEAR DS104 is a good choice as it supports both 10 and 100 (must make sure that the sniffer selects the same speed as whatever you are sniffing).

On a heavily loaded network, it should only take a minute or two of Ethereal trace to determine the problem.

Beware of the SASSER worm as it will quickly load a net as it searches for victim machines.
Post the trace and let's see what we come up with....

0
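The replies above all come down to the same step: capture a minute or two of traffic and find the host opening the most connections, since a worm or P2P client sweeping the network is what exhausts a 4096-entry connection cache. The following is an added example (not code from the thread or from Ethereal) that ranks sources from a constructed one-line-per-SYN export in an assumed "time src dst dport" format and flags hosts hitting many distinct destinations, which is the scanning pattern tropsmr2 warns about.

```python
"""Rank internal hosts by new-connection rate from a capture summary.

Added example, not from the original thread. Assumed input format
(constructed): one line per TCP SYN, "time src dst dport". A host opening
many connections to many distinct destinations on one port is the first
machine to pull off the network and inspect.
"""
from collections import defaultdict

# Constructed sample: a normal workstation (10.0.0.21), a server (10.0.0.5),
# and one host (10.0.0.37) sweeping port 445 across consecutive addresses.
SAMPLE_SYNS = """\
0.01 10.0.0.21 10.0.0.5 445
0.02 10.0.0.21 10.0.0.5 139
0.10 10.0.0.37 10.0.1.1 445
0.11 10.0.0.37 10.0.1.2 445
0.12 10.0.0.37 10.0.1.3 445
0.13 10.0.0.37 10.0.1.4 445
0.14 10.0.0.37 10.0.1.5 445
0.15 10.0.0.37 10.0.1.6 445
0.20 10.0.0.5 10.0.0.21 3389
0.30 10.0.0.21 203.0.113.9 80
"""

def summarize(lines):
    """Return {src: (syn_count, distinct_dst_count, most_used_dport)}."""
    per_src = defaultdict(lambda: {"syns": 0, "dsts": set(), "ports": defaultdict(int)})
    for line in lines.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, dport = line.split()
        rec = per_src[src]
        rec["syns"] += 1
        rec["dsts"].add(dst)
        rec["ports"][int(dport)] += 1
    return {s: (r["syns"], len(r["dsts"]), max(r["ports"], key=r["ports"].get))
            for s, r in per_src.items()}

def suspects(lines, min_syns=5, min_dsts=4):
    """Sources opening >= min_syns connections to >= min_dsts distinct hosts."""
    return sorted(s for s, (syns, dsts, _p) in summarize(lines).items()
                  if syns >= min_syns and dsts >= min_dsts)

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_SYNS).items(), key=lambda kv: -kv[1][0])
    for src, (syns, dsts, port) in ranked:
        print(f"{src:<12} syns={syns:<3} distinct_dst={dsts:<3} top_port={port}")
    print("suspects:", suspects(SAMPLE_SYNS))  # → ['10.0.0.37']
```

The thresholds are assumptions; on a real trace, tune them to the capture length, and compare the flagged host's top port against the firewall's own connection table before cleaning the machine.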
