Solved

Slow Network Traffic, Internet, Exchange, Outlook, and AVG antivirus

Posted on 2008-06-25
Last Modified: 2013-12-04
Several issues going on here.
Our backbone consists of 2 3Com Switch 4400s, 48 ports each, connected via a backplane kit.  10/100
We have 7 Microsoft 2003 Servers, all with the latest service patches, etc.
Exchange 2003 Server SP2 on its own box with 65 users

We have a Dedicated full T1 of internet with a Watchguard Firebox III 700 device

Recently we have been experiencing a lot of slowness of network traffic.  From not being able to get out on the internet, to Outlook telling us it is trying to connect to the Exchange server, connecting, and then going thru that process several times throughout the day.

I have looked thru the logs on the Firewall and I see a lot of HTTP traffic going out but that's about it.  Nothing out of the ordinary at least.  The traffic on the physical switches seems to be relatively standard as well however they are about 7 years old.

Ideas?  HELP!
0
Question by:justingrantiv
15 Comments
 
LVL 3

Expert Comment

by:pjnofrills
Does the slowness seem worse for users connected to one particular switch?
0
 

Author Comment

by:justingrantiv
No, it is random across the board.  Today x user will have major problems with it and tomorrow it's someone else.  Some days it's everyone.
0
 
LVL 2

Expert Comment

by:Salman4u_k
Well... unknown HTTP traffic going outside means that some of the computers in your organization are infected with viruses, because your computers are broadcasting unnecessary traffic to the internet or within your organization, which will make your network totally busy and slow. Of course, it's very difficult to trace the clients which are broadcasting in your organization. First, update your clients from the Microsoft side with new security patches, and update your antivirus with new virus definitions. Scan your computers in safe mode, or disable your network card and scan in normal mode. Another way is to unplug all your cables from the switch except your modem or firewall device, plug in the cable of one client, and check the network traffic from the firewall monitoring or third-party monitoring software. If the current computer is not generating any unnecessary traffic, then connect another computer and check it again from the monitoring software. If any computer you plugged in is generating a network flood or broadcasting to the network, unplug its cable and scan it with antivirus or update it with a service pack or security patches.
If your clients are not up to date from Microsoft or the third-party antivirus, then a network flood or broadcasting will slow down your network and create problems.

Thanks
0
 

Author Comment

by:justingrantiv
We have had Symantec Corporate loaded on all workstations for 5 years.  We changed to AVG Network Edition 3 months ago as the new version of Symantec Corp. SUCKS.  All machines also run all of their Windows updates nightly and we run a virus definition check every hour.  Needless to say, we have run scans on all the workstations and servers and we have found nothing anywhere with any of that.  Unplugging everything and plugging in one by one is an option, but man, that will take forever as there are 65-plus devices on the network.

Any good network monitoring software that anyone recommends that is free / inexpensive?
0
 
LVL 3

Expert Comment

by:pjnofrills
Did you use your free trial of 3Com Network Supervisor software yet?  That should have come w/ the switches.  Other than that I have heard Look@LAN Network Monitor is decent:

http://www.snapfiles.com/get/lanlook.html
0
 
LVL 2

Expert Comment

by:Salman4u_k
Well dear, I faced the same problem 7 or 8 years ago... Network is very slow and broadcasts unknown traffic...
Maybe it's a DNS issue. Is your DNS working properly in your organization? Check the event logs. The network is slow because it is not resolving the names and queries from the server. When your clients are logging on and authenticating from the AD server, does it take a long time to authenticate? From the client side you can type nslookup and see whether it shows your server.domainname.com. Then type nslookup server.domainname.com and check how much time it takes to resolve; if it is not resolving, then it's your DNS issue.
Else
maybe some attacks are coming from outside to your DNS server. Can you unplug all your clients' cables and see whether your server's network card lights continue blinking or not, while the internet connection is active on your server? You have to do this, otherwise it will never be clear where the unnecessary network traffic is coming from.

One more thing: can you, or is it possible to, change your antivirus to Endpoint Protection 11?

Thanks
0
 

Author Comment

by:justingrantiv
Logon is very fast.  DNS resolves very quickly both internally and externally.

The latest thing I have been able to find is that if the users that are having the problem run ipconfig /release and then ipconfig /renew, they start working again.  The machines get the exact same IP information but they start working.

Endpoint Protection 11 - NO.  I've used that at other clients and it uses WAY too many resources for one program.  We have version 10 of Symantec on the PCs here.  We loaded AVG 8.0 Network Edition and it has actually caught things that Symantec never did, and the PCs' response / individual speed has increased with less CPU utilization just from removing Symantec.
0
 
LVL 2

Expert Comment

by:Salman4u_k
Well, you mean when you release your IP and renew it, the machine works perfectly. So do one more thing: flush the DNS on the client and register it again, and see what happens...
Here is the command if you don't know it.
ipconfig /flushdns
and then
ipconfig /registerdns
0
 

Author Comment

by:justingrantiv
Did the flush about an hour ago and it "lost" connection again after about 45 minutes.  Same results.  Release / renew / flush / register and it's working yet again.  Never physically lose network connections, however.  I can ping internal things by IP address.  Can't ping the external address when the "connection" is down, but I normally can whenever everything is working.

0
 
LVL 2

Expert Comment

by:Salman4u_k
Can you tell me one thing: did you recently change your switch, or have you had your setup on the 3Com switch from the beginning?
If you recently changed your switch and are getting this issue, then do one thing for testing purposes: take another brand of switch, connect that switch to your network, and put your clients on that switch with the server. Then test and see if there is any difference in the result!
Because nowadays 3Com switches have manufacturing faults.
0
 

Author Comment

by:justingrantiv
This 3Com has been in place for 6 or 7 years.  I did order 2 new switches to replace these, which should be here on Monday; they are Gigabit switches.
0
 
LVL 2

Accepted Solution

by:
Salman4u_k earned 500 total points
Which brand did you order?
Well, I recommend first a Cisco switch and then a Linksys switch.

But not 3Com.
When you upgrade your switches to gigabit, maybe it will solve your problem.
One more reason may be that your switches are broadcasting the traffic.
Well, see about the issue when you change your switches.



0
 

Author Comment

by:justingrantiv
We ordered Dell, as everything we have here now is Dell, from the rack, to the printers, to all the servers.  The only thing that wasn't was the 3Com switches, and we also have 3 Proxim wireless access units which seem to work flawlessly.

They came in, however there is some major deadline that I can't take the network down for this evening, so I won't be able to put them in today.
0
 

Author Comment

by:justingrantiv
Problem solved.  Ended up being a print server that had the wrong default gateway in it.  This print server has been on our network for 5 years or more.  We changed our default gateway over 3 years ago.  Why it just started causing an issue, who knows.  The machines, when they lost their IP address, looked to that print server deep down in the IP logs / tables, whatever the heck it is that the reporting tool Microsoft sent me to use.  ipconfig /all showed the DHCP server as our real DHCP server.

Totally WEIRD.
0
 

Author Closing Comment

by:justingrantiv
Problem actually ended up being a print server that had DHCP enabled on it still.  It was causing major issues.
0
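The root cause reported in the closing comments, a print server still answering DHCP and pointing clients at a stale default gateway, is visible in captured DHCP replies. The following is an added example, not part of the original thread: it parses raw DHCP reply payloads and flags servers outside an allowlist or replies carrying an unexpected router option. All addresses, the sample packets and the function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # DHCP message types (option 53) sent by servers

def parse_reply(payload):
    """Extract message type, server identifier and routers from a DHCP reply payload."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                                  # not a BOOTREPLY with DHCP options
    info = {"yiaddr": socket.inet_ntoa(payload[16:20]), "type": None, "server": None, "routers": []}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) < length:
            break                                    # truncated option: stop parsing
        if code == 53 and length == 1:
            info["type"] = data[0]
        elif code == 54 and length == 4:             # server identifier
            info["server"] = socket.inet_ntoa(data)
        elif code == 3:                              # router (default gateway) list
            info["routers"] = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, length - length % 4, 4)]
        i += 2 + length
    return info

def audit(payloads, allowed_servers, expected_gateway):
    """Flag replies from unknown DHCP servers or advertising an unexpected gateway."""
    findings = []
    for reply in filter(None, map(parse_reply, payloads)):
        if reply["type"] not in (OFFER, ACK):
            continue
        if reply["server"] not in allowed_servers:
            findings.append((reply["server"], "unauthorized DHCP server"))
        if reply["routers"] and expected_gateway not in reply["routers"]:
            findings.append((reply["server"], "gateway " + ",".join(reply["routers"])))
    return findings

def make_reply(msg_type, yiaddr, server, router):    # builds constructed sample packets
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0, b"", socket.inet_aton(yiaddr),
                      socket.inet_aton(server), b"", b"\x00\x11\x22\x33\x44\x55", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + bytes([3, 4]) + socket.inet_aton(router)
    return hdr + MAGIC + opts + b"\xff"

SAMPLE = [make_reply(ACK, "192.168.1.101", "192.168.1.10", "192.168.1.1"),      # intended DHCP server
          make_reply(OFFER, "192.168.1.102", "192.168.1.50", "192.168.1.254")]  # print server, stale gateway
```

Calling `audit(SAMPLE, {"192.168.1.10"}, "192.168.1.1")` reports the constructed print server twice: once as an unauthorized DHCP server and once for the stale gateway.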
