network Utilization is spiking on SBS2003

Posted on 2011-10-30
Last Modified: 2012-05-12
Hi Experts,

We have a SBS2003 dell server. I was told that server has been slow and i ahve found out that network utilization is spiking sometimes to 50%.  
we have recently put trend micro worry free 7 antivirus on the server and client machines. So dont know if something to do with with  that.
I have put wireshark to see what is going on. I can see alot of errors on SMB prootcol but not sure what that could be. I am attaching the screenshot of wireshark.

Any help me with this will be appreciated as i am stumped on this.

Rafi wireshark
Question by:Rafi001
    LVL 77

    Expert Comment

    by:Rob Williams
    Make sure you have Trend fully patched with updates. There were a lot of problems with Ver 7.x on SBS to the extent most people were reverting back to 6.x it, but that was a few months ago, I assume that has be resolved with updates.

    It does look rather "chatty" however there is a lot of SMB traffic within a typical SBS network anyway. Is the excessive SMB traffic limited to these 3 devices (, .231, & 232? or between most devices?

    Author Comment

    Hi RobWill,

    Thanks for your comments. I have put the latest patch on the server for trend micro. I assume that i dont have to install any patches on the client side manually. This hasn't help me reducing the server high network utilization.
    This is a small network anyway with 10 clients and there is SMB traffic from other clients as well. but these IP's show mostly in the network scan. I was thinking if there is some sort of virus on the network?
    LVL 77

    Expert Comment

    by:Rob Williams
    A virus is a possibility. That is why I was asking if it was primarily a couple of PC's causing the traffic.
    Then again Virus scanning when coupled with Trend Management does quite a bit of "chatting" as well.

    Author Comment

    Thanks RobWill,

    I will check again in more detail and will get back to you with observation.

    LVL 77

    Accepted Solution

    If you suspect a PC you might want to run more than just Trend as a clean up. Perhaps TDSSkiller to check for RootKts and Malwarebytes for Spyware.

    Author Closing Comment

    After running the scan of malware bytes and stinger from mcafee, the viruses were removed and system seems to be working fine now.
    Thanks for all your help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Do you think that WordPress is just for blogs?  Think again!  WordPress is really a fantastic all around platform that you can use to develop websites on.  Integrated into its basic functionality is the ability to create pages using your choice of a…
    If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
    The purpose of this video is to demonstrate how to insert an Iframe into WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: : Open Page or Post…
    The purpose of this video is to demonstrate how to set up an RSS Feed on a WordPress Website. This will be demonstrated using a Windows 8 PC. Feedburner will be used for this demonstration. Go to your WordPress login page. This will look like the…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now