Solved

Sonicwall firewall Connections monitor feature

Posted on 2014-04-11
Last Modified: 2014-04-28
Good morning All,

I am exploring the connections monitor feature in my sonicwall firewall. I am doing this since my ISP is stating that my bandwidth is used 100% all the time so I wanted to check if there was a device in my network using all bandwidth.

I called Sonicwall support and they introduced me to a feature called Connections monitor and we found out that there was a device utilizing a ton of bandwidth. Attached is what we saw.

The support technician recommended that I look at the Tx Bytes column. The value that we saw for the particular device was 33632894, which is translated by my calculations to about 33 MB.

I am kind of confused on how to put this value in practical terms and come up with the answer of how much bandwidth this device is using.

We have a 50 Mbps total bandwidth; does this mean that the device is trying to use 33 MB of the entire bandwidth?

I am having some trouble picturing this in my mind.

Please help.

Also, if there is another method to look at this in simpler terms, let me know.

Thank you a ton
Sonicwall-traffic.png
Question by:LuiLui77
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 2000 total points
ID: 39994596
It means that device has sent 33 megs of data, which is a lot. I suggest checking that device. Track it down by its IP. I suggest someone is downloading or sending a ton of data from that PC. Could be spam from a virus or spyware, could be a user sending tons of email out or a rogue app sending info out that you are not aware of.

Here is a comprehensive Checklist I use when checking on any device like that:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't already checked for viruses, update your virus definitions and run a Full Scan, deleting all viruses and spyware detected

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your PC up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your PC's system BIOS

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad RAM chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one complete set of tests to check your memory for faults
http://www.memtest.org/#downiso
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994606
I forgot to mention, we have a TZ210w from Sonicwall and have run through the same process tracking devices down, stopping hacking attempts, firmware upgrades.... It's a big area to learn.
0
 

Author Comment

by:LuiLui77
ID: 39994707
Thank you guys for your comments, I have found out that this device is our DPM server which is replicating information with our secondary DPM server in the cloud.

This explains the amount of data, but how can I relate this number of 33 MB to the amount of bandwidth that it is consuming at any given time?

I guess that if I can get the period of time that this device took to transfer this amount of data I would be able to come up with how many Megs this device is transmitting every second.

Please enlighten me.
0
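Added example (not part of any post in this thread, and not SonicWall code): turning Tx Bytes readings into a rate, as the comment above proposes. It assumes Tx Bytes is a cumulative per-connection counter read twice, 60 seconds apart; the IP addresses and every counter value except 33632894 are constructed.

```python
from collections import defaultdict

LINK_MBPS = 50  # total bandwidth stated in the question

# Constructed samples: {(src_ip, dst_ip, dst_port): cumulative Tx Bytes}
SNAP_T0 = {
    ("192.168.1.20", "203.0.113.10", 443): 33_632_894,  # value from the question
    ("192.168.1.35", "198.51.100.7", 80): 1_200_000,
}
SNAP_T1 = {  # same view read 60 seconds later (constructed)
    ("192.168.1.20", "203.0.113.10", 443): 333_632_894,
    ("192.168.1.35", "198.51.100.7", 80): 1_500_000,
    ("192.168.1.35", "198.51.100.9", 443): 450_000,  # opened during the interval
}

def bytes_to_megabits(n_bytes):
    """Bytes -> megabits (8 bits per byte, 10**6 bits per megabit)."""
    return n_bytes * 8 / 1_000_000

def seconds_at_line_rate(n_bytes, link_mbps=LINK_MBPS):
    """How long a byte total would occupy the whole link."""
    return bytes_to_megabits(n_bytes) / link_mbps

def rates_by_source(before, after, interval_s, link_mbps=LINK_MBPS):
    """Per-source (Mbps, % of link) between two counter snapshots."""
    sent = defaultdict(int)
    for conn, cur in after.items():
        prev = before.get(conn, 0)  # unseen connection: all bytes are new
        # A counter lower than before means the connection was re-created.
        sent[conn[0]] += cur - prev if cur >= prev else cur
    report = {}
    for src, delta in sent.items():
        mbps = bytes_to_megabits(delta) / interval_s
        report[src] = (round(mbps, 3), round(100 * mbps / link_mbps, 1))
    # Heaviest sender first
    return dict(sorted(report.items(), key=lambda kv: kv[1], reverse=True))

if __name__ == "__main__":
    print(f"33632894 bytes = {bytes_to_megabits(33_632_894):.1f} Mbit, "
          f"{seconds_at_line_rate(33_632_894):.1f} s at {LINK_MBPS} Mbps")
    for src, (mbps, pct) in rates_by_source(SNAP_T0, SNAP_T1, 60).items():
        print(f"{src}: {mbps} Mbps ({pct}% of link)")
```

A single Tx Bytes reading is a volume, not a rate: 33632894 bytes would fill a 50 Mbps link for only about 5.4 seconds, so the share of the link a device holds only shows up in the difference between two readings.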

 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994828
That information would only be available in one of those servers if that information was logged and available for you to find.

Any other info we can provide on this question?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39996052
The computer/device that is using up your bandwidth is part of an active botnet.  SonicOS 6.1 has a lot of new features, one of which is botnet detection.

It would be interesting to analyze some of the traffic.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39996062
It sounds like they have already identified the system that's using the bandwidth and it also appears to be normal. They just didn't realize it was using that much bandwidth.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40001364
Have we answered your question?
0
