javeed_ccna

asked on

Internet Leased Line is very slow ???

Dear Friends,

We have a new 128 Kbps leased line for internet. I have Windows 2000 SP4 and Exchange 5.5 SP4,
and we have 400 users in our network. Until 3 days ago the performance of the leased line was good, but for the last 3 days it has been very slow.

When I ping the ISP proxy server it takes 1000 to 12000 milliseconds; before it was only 60 - 80 milliseconds.

On the ISP side they are using some traffic utilization tools, and they say that the complete 128 Kbps bandwidth is utilized for internet.
But we have only 5 users who can access the internet, and Exchange 5.5 is connected.
If the problem is with Exchange traffic, it was good before; the problem has only been occurring for 3 days.


Another last hint: we have another leased line to connect our remote branch, and for 4 weeks that has also been having the same problem.
Any solution?
javeed_ccna

ASKER

What's happened ???
128Kbps for 400 Users?

If your users are going out to the internet, that can explain it (it takes a few days to learn the Internet's capabilities and users are fast learners when it comes to Internet). Also, I would check any FW log to verify that I'm not transmitting (uploading) anything beyond my control. If you are using xDSL, uploading can be critical.

Also, you may check or scan for any sudden spyware/viruses implants...

I would suggest implementing a traffic gateway to control bandwidth, thus allowing you to analyze outgoing traffic and what element is using that traffic.

If you want to read more about it just say so...

:)

Cyber
Yes please, Cyber-Dude.
Is a sniffer useful ??
Cyber-Dude,

400 users aren't using the internet connection; only 5 people are using the internet. But I connected my Exchange to this leased line. Before, it was working fine; this has only been happening for one week.

Where can I get a trial version of a sniffer tool?
You can monitor Internet activities via the firewall, and this is the best way to do so because this is the element that holds all external usage. Do you use a firewall system (i.e. ISA Server, Proxy, PIX, Checkpoint and so forth) and if yes, what type?

Cyber

Yeah, I have a PIX 515E and an ISA 2004 server. Could you please tell me how to monitor ??
ASKER CERTIFIED SOLUTION
Cyber-Dude

I'd use MRTG, or a similar tool, to look at how much bandwidth is being used.

Dear Cyber-Dude,

You explained a complex procedure. It is confirmed that there is a virus in my remote network; it is capturing all the bandwidth of my internal leased line and external (internet) leased line. If it is a virus, what kind of virus is it?
Could you please tell me whether there is any new threat or virus that affects bandwidth, like a DOS attack?

How to overcome such a situation ??

Dear all,

Is there any virus related to bandwidth? Because my internal network bandwidth has also decreased along with my internet leased line bandwidth. That means there is some virus in my network nodes that's causing this bandwidth problem.

How to trace such a virus ??
Tim Holman
What firewall do you use ?
Surely the logs will tell you which internal IP addresses are generating the most traffic ?
Otherwise (for free), you could use Ethereal and Snort to diagnose this further...
Any self-spreading virus (i.e. worms) may potentially reduce network performance. If you want to know how it does so, there's an example of a very widespread and common virus: the NetSky virus...

Read the following article from the department of information technology:
http://technology.shu.edu/page/Virus+Alert+Netsky+Virus!OpenDocument

Cyber

Dear tim_holman,

I am using a PIX 515E firewall. How can I check the logs in the PIX?

Dear Tim,

I am using Ethereal. With it I found that my internal router, which is connected to our remote branch, is generating the most broadcast packets, and some systems are often broadcasting packets. Can I assume this is causing the low bandwidth?

I scanned all the PCs in my segment and I found some PCs infected with a virus.
Is there any alternate thing I have to check?

The only way to verify PIX logs is via a Syslog server - eg Kiwi, and a log analyzer like SawMill would also assist.
Either that, or plug in a console and look at the messages as they go past, but this isn't much good if you've a high volume of messages.
If you get a nice long Ethereal file, you can pipe this through Snort to see if there are any malicious anomalies in your network traffic.  This is all freeware, so all you need is the time !
What sort of broadcasts are you picking up ?  These are normal, yes, but too many of them may indicate a faulty network card somewhere on your network, so if you've one host that is being too chatty, turn it off, retest your bandwidth.
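Added example, not part of the thread or of any poster's reply: once the PIX is sending to a syslog server, the connection teardown messages can be totalled per inside host to answer the question of which internal addresses generate the most traffic. It assumes the PIX 302014/302016 teardown message layout; the sample lines, the hostname `fw`, and the names `SAMPLE_LOG` and `top_talkers` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of PIX messages as a syslog server would store them.
# All addresses, connection ids and byte counts are made up for illustration.
SAMPLE_LOG = """\
Mar 01 10:00:01 fw %PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.5/25 (203.0.113.5/25) to inside:192.168.1.23/1045 (198.51.100.2/1045)
Mar 01 10:00:09 fw %PIX-6-302014: Teardown TCP connection 101 for outside:203.0.113.5/25 to inside:192.168.1.23/1045 duration 0:00:08 bytes 48210 TCP FINs
Mar 01 10:00:12 fw %PIX-6-302014: Teardown TCP connection 102 for outside:203.0.113.77/25 to inside:192.168.1.23/1046 duration 0:00:07 bytes 51002 TCP FINs
Mar 01 10:00:15 fw %PIX-6-302014: Teardown TCP connection 103 for outside:198.51.100.40/25 to inside:192.168.1.23/1047 duration 0:00:09 bytes 47755 TCP FINs
Mar 01 10:00:20 fw %PIX-6-302014: Teardown TCP connection 104 for outside:203.0.113.9/80 to inside:192.168.1.10/1201 duration 0:00:30 bytes 15320 TCP FINs
Mar 01 10:00:21 fw %PIX-6-302016: Teardown UDP connection 105 for outside:203.0.113.53/53 to inside:192.168.1.10/1030 duration 0:00:01 bytes 120
Mar 01 10:00:25 fw %PIX-6-302014: Teardown TCP connection 106 for outside:203.0.113.200/25 to inside:192.168.1.5/1310 duration 0:00:12 bytes 20480 TCP FINs
"""

# 302014 / 302016 are the TCP / UDP connection teardown messages; each carries
# the total bytes moved over the connection (both directions combined).
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<if1>[\w-]+):(?P<ip1>[\d.]+)/(?P<p1>\d+) to "
    r"(?P<if2>[\w-]+):(?P<ip2>[\d.]+)/(?P<p2>\d+) "
    r"duration \S+ bytes (?P<bytes>\d+)")

def top_talkers(log_text, inside_if="inside", n=5):
    """Rank inside hosts by bytes: (ip, bytes, conns, distinct peers, top service)."""
    stats = defaultdict(lambda: {"bytes": 0, "conns": 0, "peers": set(), "svc": Counter()})
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue  # Built messages, other message ids, noise
        ends = [(m["if1"], m["ip1"], m["p1"]), (m["if2"], m["ip2"], m["p2"])]
        local = [e for e in ends if e[0] == inside_if]
        remote = [e for e in ends if e[0] != inside_if]
        if len(local) != 1:
            continue  # neither or both ends inside: not an inside-to-outside flow
        s = stats[local[0][1]]
        s["bytes"] += int(m["bytes"])
        s["conns"] += 1
        s["peers"].add(remote[0][1])
        s["svc"][f'{m["proto"]}/{remote[0][2]}'] += 1
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(ip, s["bytes"], s["conns"], len(s["peers"]), s["svc"].most_common(1)[0][0])
            for ip, s in ranked[:n]]

if __name__ == "__main__":
    for row in top_talkers(SAMPLE_LOG):
        print("%-15s bytes=%-8d conns=%-3d peers=%-3d top=%s" % row)
```

A workstation that tops the list with many short connections to many different outside hosts on TCP/25 is the pattern a mass-mailing worm produces, and is the first machine to isolate and scan.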
Dear Tim,
I have a huge Ethereal file, but as you mentioned "snort", how can I manage this info with Snort?
You can 'replay' the Ethereal file through Snort.  A Win32 version is available from www.snort.org.  It's an IDS, so will detect suspicious activity / worms and will report it.
I used Ethereal, and found broadcast traffic across the whole network.

Consider 192.168.1.0 as our network: I found packets broadcast to 192.168.1.255
and also broadcast to 255.255.255.255, which means packets are being broadcast to all addresses.

Can you please tell me whether this might be the problem ??
You cannot monitor PIX through Syslog if you are within the network!!!

You'd have to use Syslog because switches tend to filter ALL traffic not intended for you, and the broadcasts you may get are FFFFFFFFFF physical addresses intended for queries...

Cyber
Broadcast traffic is normal to some extent, but just how much broadcast traffic does Ethereal say you are receiving, and what TCP/UDP port is involved ?