crossfireit asked:

Unusual Amount of NETBIOS traffic over my network!

Thanks in advance for any help given!

I have a small network for my small IT business consisting of a server and around 4 PCs!

I have noticed in the last day or two slower than usual general network and internet speeds!

I have been using a program which I have used before on the server, which is PTGR Traffic Grapher, which I have found useful in the past.

Upon looking into this I noticed that at seemingly irregular intervals there are massive amounts of NetBIOS data running through the system, and I mean massive, in one case up to 1GB in a 5 min time slot. Now I am working on what this could be, but does anyone have any ideas of tools I can use to more specifically locate the problem or even what the problem could be? I'm 99% sure it's a virus somewhere and I'm currently running a full site scan. I'll let you know how this goes!

You can see the traffic log here if you would like:

http://crossbox.net.au:6969/help.htm 

Look at the NetBIOS traffic amounts in certain sections.

Just on another note, I installed Microsoft's CRM 3.0 the other day just for some testing, but I can't imagine that this has anything to do with it.

Again thanks for the help.
Arty K

'PTGR Traffic Grapher' - I don't know what that program is. I cannot find it on Google.
Probably 'NETBIOS' traffic also includes CIFS file transfers, so you have large file transfers in your LAN.
To be sure, use some other program with 'TCP' port numbers or find out what exactly is included in the 'NETBIOS' column.
crossfireit (ASKER)

Sorry, my mistake

PRTG Traffic Grapher

CIFS, is that Linux orientated???
No, CIFS is the same protocol as Microsoft Windows uses for shares.
I've looked at the default sensors of PRTG. Yes, NETBIOS also includes SMB traffic (file transfers).
So you have large file transfers.
Try for SASSER virus, very old and a headache maker. If you have a firewall, block the ports used by the aforementioned.

http://www.microsoft.com/isaserver/support/prevent/sasser.mspx
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39012

You mention a server? Can you tell us what kind of server? NAT W2k3, RRAS? You know, whatever your gateway is, it is probably logging the local traffic...

If you find such logs, only 5-6 lines of abnormal traffic would be enough to identify the problem...

CKWT
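
The per-port breakdown suggested in the replies above, as an added example that is not part of the original thread or written by any of its posters: it splits "NETBIOS" traffic into name service, datagram, session and direct SMB by port, then ranks client/server pairs by bytes. The flow-record format, the sample lines and the assumption that a monitoring tool's NETBIOS column covers exactly these four ports are all constructed for illustration.

```python
from collections import defaultdict
# Well-known ports for NetBIOS over TCP/IP and direct-hosted SMB/CIFS.
NETBIOS_PORTS = {
    ("udp", 137): "netbios-ns (name service)",
    ("udp", 138): "netbios-dgm (datagram)",
    ("tcp", 139): "netbios-ssn (SMB over NetBIOS)",
    ("tcp", 445): "microsoft-ds (direct SMB/CIFS)",
}

# Constructed sample flow records: "proto src_ip:sport dst_ip:dport bytes"
SAMPLE_FLOWS = """\
tcp 192.168.1.23:1045 192.168.1.10:445 734003200
tcp 192.168.1.23:1046 192.168.1.10:139 314572800
udp 192.168.1.21:137 192.168.1.255:137 9200
udp 192.168.1.22:138 192.168.1.255:138 4100
tcp 192.168.1.24:1102 203.0.113.5:80 52000000
tcp 192.168.1.10:445 192.168.1.23:1045 1200000
garbled
"""

def parse_flow(line):
    """Return (proto, src_ip, sport, dst_ip, dport, bytes) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        proto = parts[0].lower()
        src_ip, sport = parts[1].rsplit(":", 1)
        dst_ip, dport = parts[2].rsplit(":", 1)
        return proto, src_ip, int(sport), dst_ip, int(dport), int(parts[3])
    except ValueError:
        return None

def netbios_breakdown(text):
    """Sum bytes per service and per (client, server) pair for NetBIOS/SMB flows."""
    by_service, by_pair = defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        proto, src, sport, dst, dport, nbytes = rec
        # Match on either port so both directions of a session are counted.
        service = NETBIOS_PORTS.get((proto, dport)) or NETBIOS_PORTS.get((proto, sport))
        if service is None:
            continue  # not NetBIOS/SMB traffic (e.g. the web flow above)
        # The server is whichever end uses the well-known port.
        client, server = (src, dst) if (proto, dport) in NETBIOS_PORTS else (dst, src)
        by_service[service] += nbytes
        by_pair[(client, server)] += nbytes
    return dict(by_service), sorted(by_pair.items(), key=lambda kv: kv[1], reverse=True)
```

On the constructed sample, one workstation talking to the server on ports 445 and 139 accounts for almost all of the bytes, which points to file transfers on that host rather than name-service or broadcast chatter.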
ASKER CERTIFIED SOLUTION
nexissteve