Solved

ping packet loss

Posted on 2012-09-07
Last Modified: 2012-09-20
I am running Windows Server 2008 R2. I have 2 servers, one is an IIS web server and the other is a SQL server. The SQL Server is fine, but my IIS server every 5 to 12 pings, it loses at least 1 or more packets. The ms is very large, but the ms on the other server is fine, so I know it's not my internet connection.

Don't know exactly when it started doing this, but most of my websites are down because of this. I restarted the server numerous times and it does the same thing, packet loss continues.

Any direction or help would be much appreciated.
packetloss.PNG
Question by:afacts
11 Comments
 
LVL 6

Accepted Solution

by:
Jelcin earned 500 total points
ID: 38378558
Hello,

could you describe the network structure in more detail please? Are those servers hosted at some hosting provider or in your company network? From where do you ping the servers?
For how long do you see this happening?

This kind of behavior is typical for DDOS attacks where the internet connection of a server is being overutilized thus the response time of the server gets very high or the server cannot respond at all. In your attached file you have response time of several hundred ms which is very very high. Normal would be response time of max 100ms.
0
 

Author Comment

by:afacts
ID: 38378566
I will reply with more details tomorrow night.
0
 
LVL 2

Assisted Solution

by:rumytaulu
rumytaulu earned 1000 total points
ID: 38379365
Could you run:

netstat -a

on a command prompt and post the result here too? Might be a trojan/malware hijacking your connection, netstat will help us find it.

--
rumy
0
 

Author Comment

by:afacts
ID: 38380377
I've just attached a copy of the output of netstat -a after I restarted the server, as it was running so slow I had to do something about it. Since I restarted the server, the ms times are better, still a bit slow, but ok. I still have dropped packets, "request timed out", I just can't figure out why that is happening, as on my other server, I don't have any dropped packets, well maybe one every few minutes, but on this server, it's like one every 10 seconds.

A little about my servers, the servers are hosted, and are NOT on our network. They are on a separate network than my internal network. I have 2 servers and one is fine, but the other is not, that's where I get all this packet loss. I have about 15 static IP's on the server. Running Windows Server 2008 R2 on both servers. I tried pinging the servers from both, my work and my house, and I get the same results, dropped packets. My work and home networks are again totally different networks.

I actually had a DOS attack 2 years ago, and it was totally different, it was so bad that the data center called me and asked me what am I doing, as his entire bandwidth was being saturated by my server.  So I'm fairly confident that it's not a DOS attack.

The IPs with xxx.xxx are my local server IPs.

Any more direction would be appreciated.
ping.PNG
netstat.txt
0
 

Author Comment

by:afacts
ID: 38385024
Can anyone provide any tips of what I should be looking at that could cause this issue?

I have attached 2 more screenshots with pings from the servers as of 5 minutes ago.
goodserver.JPG
problemserver.JPG
0
 
LVL 2

Assisted Solution

by:rumytaulu
rumytaulu earned 1000 total points
ID: 38385203
1. On your ping result (problemserver.JPG) it seems that you have a good ping time (around 11 ms) yet you still experience RTO.

2. According to your "netstat -a" result you have tons of established (ongoing) outbound web connections, which is strange.

So I suspect a malware/trojan hijacking your connection, here's what you can do:

a. Install anti trojan/malware (trojanremover or malwarebytes) and scan your system in Normal Mode.
b. After that, boot into Safe Mode (F8 while booting into your Windows machine) and then scan your system again.
c. Reboot into Normal Mode, and see what "netstat -a" gives you this time.

Good luck.

--
rumy
0
 

Author Comment

by:afacts
ID: 38385251
The server is my web server. Is that not normal activity for a Web server?  We have about 30 websites on that server, so is that not normal?
0
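One way to check the point raised in the two posts above, as an added example that is not part of the original thread: split the TCP rows of a saved netstat listing into connections that arrived on one of the server's own listening ports (expected on a web server) and connections the server itself opened to remote hosts. It assumes numeric `netstat -an` output rather than the `netstat -a` used in the thread; the sample rows and the `classify` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Windows `netstat -an` layout (documentation-range IPs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51514     ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.8:49822     TIME_WAIT
  TCP    192.0.2.10:443         203.0.113.5:50211      ESTABLISHED
  TCP    192.0.2.10:49731       203.0.113.99:80        ESTABLISHED
  TCP    192.0.2.10:49732       203.0.113.99:80        ESTABLISHED
  TCP    192.0.2.11:49733       192.0.2.20:1433        ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

# proto, local addr:port, remote addr:port, state (UDP rows have no state)
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def classify(netstat_text):
    """Return (inbound, outbound) Counters for the TCP rows.

    inbound  is keyed by local service port (a client connected to us);
    outbound is keyed by (remote address, remote port) (we connected out).
    Heuristic: a row is inbound when its local port is also LISTENING.
    """
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]
    listening = {int(lport) for _, lport, _, _, st in rows if st == "LISTENING"}
    inbound, outbound = Counter(), Counter()
    for _, lport, raddr, rport, state in rows:
        if state == "LISTENING":
            continue
        if int(lport) in listening:
            inbound[int(lport)] += 1
        else:
            outbound[(raddr, int(rport))] += 1
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = classify(SAMPLE)
    print("inbound by service port:", dict(inbound))
    for (addr, port), n in outbound.most_common():
        print(f"outbound to {addr}:{port} x{n}")
```

Many rows under the inbound ports are ordinary traffic for a host serving 30 sites; the outbound list is the part to review, and `netstat -ano` adds the owning process ID for each row.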
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 500 total points
ID: 38385453
Is the troubled server over a satellite connection? If so, this is what you would see via the first pic you posted in the original question. If I saw this, and knew it was satellite, I would make sure the antenna is balanced and the ACU (antenna control unit) is not causing errors. Satellite looks a lot like the first pic.

The second pic with lower ms return times, looks again like a wifi connection. The ms return time is not consistent, like the wired connection of 14 ms almost every time. The missing packet in this case could be clocking and synchronization with the wifi connection or RF interference.
0
 

Author Comment

by:afacts
ID: 38396108
No, they both have the exact same internet connection, they are in a data center. It's probably fiber. I have up to 20Mbps connection for both servers. The internet connection is NOT wifi or satellite, it's a fiber connection into a data center.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 38397222
Then this problem may be an ISP/Cloud based problem. It appears that you have RF (Radio Frequency) somewhere within your connection. It appears that RF is interfered with. So, this is what you can do...

Snatch up one laptop from the problem child data center and hook it up outside the firewall/gateway. Set the network config settings to auto and let them populate from your ISP. Now see if the times still look foul.
0
 

Author Closing Comment

by:afacts
ID: 38418562
Thanks guys for your help, the problem was with a security software that one of my co-workers installed on the server, that was causing the dropped packets. As soon as the service was stopped, everything is good now.
0
