Solved

Sonicwall firewall Connections monitor feature

Posted on 2014-04-11
Last Modified: 2014-04-28
Good morning All,

I am exploring the connections monitor feature in my sonicwall firewall. I am doing this since my ISP is stating that my bandwidth is used 100% all the time so I wanted to check if there was a device in my network using all bandwidth.

I called Sonicwall support and they introduced me to a feature called Connections monitor and we found out that there was a device utilizing a ton of bandwidth. Attached is what we saw.

The support technician recommended that I look at the Tx Bytes column. The value that we saw for the particular device was 33632894, which by my calculations translates to about 33 MB.

I am kind of confused about how to put this value in practical terms and come up with the answer of how much bandwidth this device is using.

We have a 50 Mbps total bandwidth; does this mean that the device is trying to use 33 MB of the entire bandwidth?

I am having some trouble picturing this in my mind.

Please help.

Also, if there is another method to look at this in simpler terms, let me know.

Thank you a ton
Sonicwall-traffic.png
Question by:LuiLui77
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 39994596
It means that device has sent 33 megs of data, which is a lot. I suggest checking that device. Track it down by its IP. I suggest someone is downloading or sending a ton of data from that PC. Could be spam from a virus or spyware, could be a user sending tons of email out or a rogue app sending info out that you are not aware of.

Here is a comprehensive Checklist I use when checking on any device like that:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't already checked for viruses, update your virus definitions and run a full scan, deleting all viruses and spyware detected.

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your Pc's System Bios

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad RAM chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one complete set of tests to check your memory for faults.
http://www.memtest.org/#downiso
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994606
I forgot to mention, we have a TZ210w from Sonicwall and have run through the same process tracking devices down, stopping hacking attempts, firmware upgrades.... It's a big area to learn.
0
 

Author Comment

by:LuiLui77
ID: 39994707
Thank you guys for your comments, I have found out that this device is our DPM server which is replicating information with our secondary DPM server in the cloud.

This explains the amount of data, but how can I relate this number of 33 MB to the amount of bandwidth that it is consuming at any given time?

I guess that if I can get the period of time that this device took to transfer this amount of data I would be able to come up with how many Megs this device is transmitting every second.

Please enlighten me.
0
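The calculation asked about above, as an added example that is not part of the original thread and not SonicWall tooling: a single Tx Bytes reading is a volume, so the rate comes from two readings of the same connection and the time between them. The sample readings are constructed, and the code assumes the counter is cumulative for the life of a connection and restarts when the connection is re-established.

```python
from datetime import datetime

LINK_MBPS = 50  # link capacity stated in the question


def seconds_at_line_rate(tx_bytes, link_mbps=LINK_MBPS):
    """Minimum time needed to send tx_bytes if the link were fully used."""
    return tx_bytes * 8 / (link_mbps * 1_000_000)


def interval_rates(samples, link_mbps=LINK_MBPS):
    """Turn successive Tx Bytes readings into per-interval throughput.

    samples: [(iso_timestamp, tx_bytes), ...] for ONE connection, oldest first.
    Assumption: the counter is cumulative for the life of the connection.
    """
    rates = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        secs = (datetime.fromisoformat(t1) - datetime.fromisoformat(t0)).total_seconds()
        if secs <= 0:
            raise ValueError("samples must be in increasing time order")
        # A lower reading means the connection was re-established and the
        # counter restarted, so only the new reading counts for this interval.
        delta_bytes = b1 - b0 if b1 >= b0 else b1
        mbps = delta_bytes * 8 / secs / 1_000_000  # bytes -> bits -> megabits/s
        rates.append({"from": t0, "to": t1, "mbps": round(mbps, 2),
                      "link_pct": round(100 * mbps / link_mbps, 1)})
    return rates


# Constructed readings (not from the thread's screenshot), one minute apart.
SAMPLES = [
    ("2014-04-11T09:00:00", 33_632_894),   # the value quoted in the question
    ("2014-04-11T09:01:00", 183_632_894),  # +150,000,000 bytes in 60 s
    ("2014-04-11T09:02:00", 75_000_000),   # counter restarted (new connection)
]

if __name__ == "__main__":
    print(f"{seconds_at_line_rate(33_632_894):.2f} s at full line rate")
    for r in interval_rates(SAMPLES):
        print(r)
```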

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994828
That information would only be available in one of those servers if that information was logged and available for you to find.

Any other info we can provide on this question?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39996052
The computer/device that is using up your bandwidth is part of an active botnet.  SonicOS 6.1 has a lot of new features, one of which is botnet detection.

It would be interesting to analyze some of the traffic.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39996062
It sounds like they have already identified the system that's using the bandwidth and it also appears to be normal. They just didn't realize it was using that much bandwidth.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40001364
Have we answered your question?
0
