RFIGOR
asked on
Extra network activity
Greetings:
We are using a ZyXEL 662HW VPN router and ZyXEL G-302 PCI adapters.
We have 5 work stations on the network and all are working well.
All five work stations are running Windows XP Pro.
Problem: Two of the work stations have activity on the little monitor symbol
in the bottom tray. The activity is approx. every 5 sec. for approx. 1 sec.
This activity is with no applications running on any station and none have internet explorer active.
I have looked at the task lists and all are empty.
This activity makes the network slow and intermittent.
How can I tell what is causing this activity?
Thanks, Russ
We are using a ZyXEL 662HW VPN router and ZyXEL G-302 PCI adapters.
We have 5 work stations on the network and all are working well.
All five work stations are running Windows XP Pro.
Problem: Two of the work stations have activity on the little monitor symbol
in the bottom tray. The activity is approx. every 5 sec. for approx. 1 sec.
This activity is with no applications running on any station and none have internet explorer active.
I have looked at the task lists and all are empty.
This activity makes the network slow and intermittent.
How can I tell what is causing this activity?
Thanks, Russ
You can also use fport to see what all applications are listening on ports.
http://www.foundstone.com/knowledge/proddesc/fport.html
It could be some malware/spyware ot could be Automatic Windows Update client trying to access the windows site.
You will be sure of it, only after capturing packets and then comparing the traffic with the processes running.
http://www.foundstone.com/knowledge/proddesc/fport.html
It could be some malware/spyware ot could be Automatic Windows Update client trying to access the windows site.
You will be sure of it, only after capturing packets and then comparing the traffic with the processes running.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>Problem: Two of the work stations have activity on the little monitor symbol
>in the bottom tray. The activity is approx. every 5 sec. for approx. 1 sec.
That is *not* a reliable network diagnostic tool, period.
>This activity makes the network slow and intermittent.
You cannot draw that conclusion from the goofy system tray icons.
Use your firewall or router to monitor your network traffic, if you don't have a managed switch/hub.
Cheers,
-Jon
>in the bottom tray. The activity is approx. every 5 sec. for approx. 1 sec.
That is *not* a reliable network diagnostic tool, period.
>This activity makes the network slow and intermittent.
You cannot draw that conclusion from the goofy system tray icons.
Use your firewall or router to monitor your network traffic, if you don't have a managed switch/hub.
Cheers,
-Jon
Sounds like good old netbios (AKA WINS) traffic on those two machines.
Perhaps someone forgot to disable lmhosts?
Perhaps someone forgot to disable lmhosts?
Download and install DUMeter (www.dumeter.com) and use it to monitor the bandwidth used by the machines in question. If it's what I suspect it is, you'll see less than 2k pop up about once every 5-10 seconds. That's just XP checking to see if anyone else is around, and letting others know it's around. The slow and intermittent thing sounds more like the cards are on the edge of the viable signal path, or are receiving interference from another nearby access point on the same channel.
>Sounds like good old netbios (AKA WINS) traffic on those two machines.
>Perhaps someone forgot to disable lmhosts?
Who knows? Could be anything if all you're using is system tray icons.
To everyone who keeps suggesting host-based monitoring tools:
How is that going to work if the network is switched?
Answer:
It's not, unless the software is installed on *every* machine - while this may work for a network of 5 machines, it's still more work than simply monitoring the edge device (which is where the bottleneck is anyway), and is utterly unscalable.
Monitor the edge device - if it can't be monitored, spend more than $10 on edge device.
Cheers,
-Jon
>Perhaps someone forgot to disable lmhosts?
Who knows? Could be anything if all you're using is system tray icons.
To everyone who keeps suggesting host-based monitoring tools:
How is that going to work if the network is switched?
Answer:
It's not, unless the software is installed on *every* machine - while this may work for a network of 5 machines, it's still more work than simply monitoring the edge device (which is where the bottleneck is anyway), and is utterly unscalable.
Monitor the edge device - if it can't be monitored, spend more than $10 on edge device.
Cheers,
-Jon
use DUmeter
Wrathyimp,
Did you even read my post (and its relevant concerns)? You do realize that you are simply duplicating previous advice without giving credit?
>>To everyone who keeps suggesting host-based monitoring tools:
>>How is that going to work if the network is switched?
>use DUmeter
Ridiculous.
Cheers,
-Jon
Did you even read my post (and its relevant concerns)? You do realize that you are simply duplicating previous advice without giving credit?
>>To everyone who keeps suggesting host-based monitoring tools:
>>How is that going to work if the network is switched?
>use DUmeter
Ridiculous.
Cheers,
-Jon
Thanks RFIGOR,
--Rob
--Rob
http://www.ethereal.com/
give that a shot should give you clues to were the traffic is comming from.
Thanks
scott