Solved

Excessive connections on systems fill Sonicwall Cache of 4096.

Posted on 2004-08-10
Last Modified: 2012-05-05
I have been having problems with our system.  We thought it was just a Backdoor trojan...but we have isolated all of the machines and thoroughly cleaned them.  But I am still getting heavy utilization on our system, which makes it excessively slow and sporadically decline connections because it exceeds the 4096.  I have 15 servers and about 50 client PCs.  I have shut down the VPN to prevent machines not yet cleaned from accessing the system.  I do not have a clue which direction to turn at this point.  I am running McAfee AV on all the machines.  Any help would be great.  I am looking into a Fluke One Touch tool to possibly help, but justifying the cost to management is always a challenge.  Thank you in advance for your assistance.
0
Question by:sissyl
5 Comments
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11766136

Look at something called http://www.ethereal.com.  It can capture network traffic and identify where it originates.

I'm assuming you're on Windows.
0
 
LVL 1

Expert Comment

by:oxymoronx
ID: 11766141
Check your outbound port connections on the firewall and isolate which doors the traffic is attempting to get out of.  I'd run a PC analyzer on every PC to determine exactly what is running.  Remember that McAfee won't pick up adware, spyware, and peer-to-peer applications.  Find out what everyone is doing at the local PC level.  Is someone running a game server you're not aware of?  Peer-to-peer applications can do the same thing, and a simple host file will direct the P2P client to any port available for outgoing traffic.

Just a couple of thoughts.
0
 
LVL 8

Expert Comment

by:Marakush
ID: 11766391
I would tend to agree with adamdrayer: run Ethereal for about 1 hour or set the packet capture for like 10 meg. It will show where the greatest amount of traffic is coming from without having to go to each PC and test it.


Marakush
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11767145
You could also use a hub to sniff the network traffic.  When we have these problems, instead of installing the Ethereal software on the target PC, we have already installed it on a laptop.  We take the network cable out of the target PC, plug it into the uplink port of the hub, and then plug a cable from the hub to the PC.  Also, the laptop is plugged into the hub.  Since a hub broadcasts all packets to every port, you can see all the traffic going to and from the PC on the laptop (which is running Ethereal).
0
 
LVL 1

Expert Comment

by:tropsmr2
ID: 11769390
To add to the rest:

You MUST use a hub if your Ethereal trace is to be successful.  The NETGEAR DS104 is a good choice as it supports both 10 and 100 (must make sure that the sniffer selects the same speed as whatever you are sniffing).

On a heavily loaded network, it should only take a minute or two of Ethereal trace to determine the problem.

Beware of the SASSER worm as it will quickly load a net as it searches for victim machines.
Post the trace and let's see what we come up with....

0
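Added example, not part of the original thread: once a capture has been saved from Ethereal, the sketch below ranks internal hosts by the number of distinct connections they try to open, which is what consumes the firewall's 4096-entry connection cache. It assumes a classic libpcap file with Ethernet framing; the function names and the sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def syn_flows_per_host(pcap: bytes) -> dict:
    """Map source IP -> set of (dst IP, dst port) it sent a bare TCP SYN to."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    flows, off = defaultdict(set), 24            # 24-byte global header
    while off + 16 <= len(pcap):                 # 16-byte per-packet header
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
            continue
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:    # skip later fragments
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]            # honour IP header length
        if frame[23] != 6 or len(tcp) < 14:                  # TCP only
            continue
        if tcp[13] & 0x12 == 0x02:                           # SYN set, ACK clear
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            flows[src].add((dst, struct.unpack("!H", tcp[2:4])[0]))
    return flows

def top_talkers(pcap: bytes, limit: int = 5) -> list:
    """Hosts ordered by how many distinct destinations they tried to reach."""
    counts = {h: len(f) for h, f in syn_flows_per_host(pcap).items()}
    return sorted(counts.items(), key=lambda kv: -kv[1])[:limit]

def make_syn_frame(src: str, dst: str, dport: int) -> bytes:
    """Constructed test frame: Ethernet + IPv4 + TCP SYN, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 1025, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp

def sample_capture() -> bytes:
    """Constructed capture: one host sweeping port 445, one host browsing."""
    frames = [make_syn_frame("192.168.1.23", f"10.0.{i}.7", 445) for i in range(40)]
    frames += [make_syn_frame("192.168.1.50", "203.0.113.10", 80)] * 3
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for host, n in top_talkers(sample_capture()):
        print(f"{host:15} {n} distinct connection attempts")
```

A host whose count is far above the others, especially toward one port across many addresses, is the machine to pull off the network and inspect first.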
