Sonicwall firewall Connections monitor feature

Good morning All,

I am exploring the connections monitor feature in my sonicwall firewall. I am doing this since my ISP is stating that my bandwidth is used 100% all the time so I wanted to check if there was a device in my network using all bandwidth.

I called Sonicwall support and they introduced me to a feature called Connections monitor and we found out that there was a device utilizing a ton of bandwidth. Attached is what we saw.

The support technician recommended that I look at the Tx Bytes column. The value that we saw for the particular device was 33632894, which translates, by my calculations, to about 33 MB.

I am kind of confused about how to put this value in practical terms and come up with the answer of how much bandwidth this device is using.

We have a 50 Mbps total bandwidth. Does this mean that the device is trying to use 33 MB of the entire bandwidth?

I am having some trouble picturing this in my mind.

Please help.

Also, if there is another method to look at this in simpler terms, let me know.

Thank you a ton
Sonicwall-traffic.png
LuiLui77 Asked:
 
Tony Giangreco Commented:
It means that device has sent 33 megs of data, which is a lot. I suggest checking that device. Track it down by its IP. I suggest someone is downloading or sending a ton of data from that PC. Could be spam from a virus or spyware, could be a user sending tons of email out, or a rogue app sending info out that you are not aware of.

Here is a comprehensive Checklist I use when checking on any device like that:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't already checked for viruses, update your virus definitions and run a Full Scan, deleting all viruses and spyware detected

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your PC's System BIOS

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad RAM chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one complete set of tests to check your memory for faults
http://www.memtest.org/#downiso
0
 
Tony Giangreco Commented:
I forgot to mention, we have a TZ210w from Sonicwall and have run through the same process tracking devices down, stopping hacking attempts, firmware upgrades.... It's a big area to learn.
0
 
LuiLui77 (Author) Commented:
Thank you guys for your comments. I have found out that this device is our DPM server, which is replicating information with our secondary DPM server in the cloud.

This explains the amount of data, but how can I relate this number of 33 MB to the amount of bandwidth that it is consuming at any given time?

I guess that if I can get the period of time that this device took to transfer this amount of data I would be able to come up with how many Megs this device is transmitting every second.

Please enlighten me.
0
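The calculation the comment above reasons toward (bytes transferred divided by the time taken), as an added example that is not part of the original thread: it compares two snapshots of cumulative Tx byte counters and ranks hosts by Mbps and share of the 50 Mbps link. The snapshot layout, column names, IP addresses, 60-second interval and the counter-reset handling are assumptions constructed for illustration, not SonicWall's export format.

```python
import csv
import io
from collections import defaultdict

LINK_MBPS = 50  # total link bandwidth stated in the question

# Constructed samples: two snapshots of a connections table taken 60 s apart.
# Column names and addresses are assumptions for illustration.
SNAP_T0 = """src_ip,dst_ip,dst_port,tx_bytes
192.168.1.20,203.0.113.10,443,33632894
192.168.1.20,203.0.113.10,8443,1200000
192.168.1.35,198.51.100.7,443,500000
"""
SNAP_T1 = """src_ip,dst_ip,dst_port,tx_bytes
192.168.1.20,203.0.113.10,443,333632894
192.168.1.20,203.0.113.10,8443,900000
192.168.1.35,198.51.100.7,443,1250000
192.168.1.50,198.51.100.9,25,750000
"""

def load(snapshot):
    """Map each connection (src, dst, port) to its cumulative Tx byte counter."""
    rows = csv.DictReader(io.StringIO(snapshot))
    return {(r["src_ip"], r["dst_ip"], r["dst_port"]): int(r["tx_bytes"]) for r in rows}

def tx_rates(before, after, seconds):
    """Return {src_ip: Mbps} from the counter growth between two snapshots."""
    sent = defaultdict(int)
    for conn, now in after.items():
        prev = before.get(conn, 0)      # new connection: all bytes are recent
        if now < prev:                  # assumed: a lower counter means the
            prev = 0                    # connection was closed and re-created
        sent[conn[0]] += now - prev
    # bytes -> bits (x8), per second, expressed in megabits (10^6 bits)
    return {ip: b * 8 / seconds / 1e6 for ip, b in sent.items()}

def report(rates, link_mbps=LINK_MBPS):
    """Rank hosts by rate; return (ip, Mbps, percent of link) tuples."""
    ranked = sorted(rates.items(), key=lambda kv: kv[1], reverse=True)
    return [(ip, round(mbps, 2), round(100 * mbps / link_mbps, 1)) for ip, mbps in ranked]

if __name__ == "__main__":
    for ip, mbps, pct in report(tx_rates(load(SNAP_T0), load(SNAP_T1), 60)):
        print(f"{ip:15} {mbps:6.2f} Mbps  {pct:5.1f}% of {LINK_MBPS} Mbps link")
```

A single Tx Bytes reading is a running total, so only the difference between two readings over a known interval yields a rate.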

 
Tony Giangreco Commented:
That information would only be available in one of those servers if that information was logged and available for you to find.

Any other info we can provide on this question?
0
 
Greg Hejl, Principal Consultant, Commented:
The computer/device that is using up your bandwidth is part of an active botnet. SonicOS 6.1 has a lot of new features, one of which is botnet detection.

It would be interesting to analyze some of the traffic.
0
 
Tony Giangreco Commented:
It sounds like they have already identified the system that's using the bandwidth and it also appears to be normal. They just didn't realize it was using that much bandwidth.
0
 
Tony Giangreco Commented:
Have we answered your question?
0
Question has a verified solution.
