Strange Looking Packet Capture

Below are screenshots from a packet capture from Wireshark. We have two managed switches that are currently set to shut down any suspected port of a DoS attack. We have witnessed the switch shutting down the WAN port numerous times. If we disable the DoS port check in the switches, then eventually our ISP will shut down our internet service.

We began by blaming malware for this and have done numerous scans of every desktop with multiple products and have found no infections.

The UDP packets that are outbound have checksum errors and the inbound UDP packets are fine.

Any ideas?

Dave Baldwin (Fixer of Problems) commented:
Doesn't the local IP address tell you which machine they are coming from?  Have you tried TCPView and/or Process Explorer to identify the program that is doing this?

It is the goal of the malware and virus writers to create a program that is not identified as a virus or malware.  Anti-virus and anti-malware authors are always playing catch-up to identify and eliminate the new programs.
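
One way to get from the capture to the machine responsible, as suggested above: tally UDP packets per local source address and destination port. This is an added example, not part of the original thread; it assumes the capture was saved from Wireshark in classic pcap format (not pcapng) on Ethernet with IPv4, and the function names and sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

def udp_talkers(pcap: bytes) -> Counter:
    """Count UDP packets per (source IPv4, destination port) in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24          # 24-byte global header
    while off + 16 <= len(pcap):         # 16-byte per-record header
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); skip non-IPv4 frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        # Protocol 17 is UDP; later fragments carry no UDP header, so skip them.
        if frame[23] != 17 or frag_off or len(frame) < 14 + ihl + 8:
            continue
        src = ".".join(str(b) for b in frame[26:30])
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
        counts[(src, dport)] += 1
    return counts

def sample_pcap() -> bytes:
    """Constructed capture: 192.168.1.23 sends 5 UDP packets, 192.168.1.40 sends 1."""
    def frame(src, dport):
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes(src), bytes([203, 0, 113, 9]))
        udp = struct.pack("!HHHH", 40000, dport, 8, 0)
        data = eth + ip + udp
        return struct.pack("<IIII", 0, 0, len(data), len(data)) + data
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + frame([192, 168, 1, 23], 53) * 5 + frame([192, 168, 1, 40], 123)

if __name__ == "__main__":
    for (src, dport), n in udp_talkers(sample_pcap()).most_common(10):
        print(f"{src:15} -> udp/{dport:<5} {n} packets")
```

The address at the top of the list is the machine to inspect with TCPView or Process Explorer.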

gurutc commented:
Also, if you don't have too many local PCs you can try shutting them down one at a time to see if that stops the flood.

- gurutc

MPATechTeam (Author) commented:
These were helpful in tracking down the trouble.
Question has a verified solution.
