Solved

Sonicwall firewall Connections monitor feature

Posted on 2014-04-11
Last Modified: 2014-04-28
Good morning All,

I am exploring the Connections Monitor feature in my Sonicwall firewall. I am doing this because my ISP says that my bandwidth is 100% used all the time, so I wanted to check whether there was a device on my network using all the bandwidth.

I called Sonicwall support and they introduced me to a feature called Connections Monitor, and we found out that there was a device utilizing a ton of bandwidth. Attached is what we saw.

The support technician recommended that I look at the Tx Bytes column. The value that we saw for the particular device was 33632894, which by my calculations translates to about 33 MB.

I am kind of confused about how to put this value in practical terms and come up with the answer to how much bandwidth this device is using.

We have 50 Mbps total bandwidth. Does this mean that the device is trying to use 33 MB of the entire bandwidth?

I am having some trouble picturing this in my mind.

Please help.

Also, if there is another method to look at this in simpler terms, let me know.

Thank you a ton
Sonicwall-traffic.png
0
Question by:LuiLui77
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 39994596
It means that device has sent 33 megs of data, which is a lot. I suggest checking that device. Track it down by its IP. I suggest someone is downloading or sending a ton of data from that PC. Could be spam from a virus or spyware, could be a user sending tons of email out, or a rogue app sending info out that you are not aware of.

Here is a comprehensive checklist I use when checking on any device like that:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't already checked for viruses, update your virus definitions and run a full scan, deleting all viruses and spyware detected.

5. If you don’t have any antivirus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, click Analyze to check the amount of fragmentation or Defrag to run the process. Repeat this per drive.

General maintenance to keep your PC up to date:
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your PC's system BIOS

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad RAM chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one complete set of tests to check your memory for faults.
http://www.memtest.org/#downiso
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994606
I forgot to mention, we have a TZ210w from Sonicwall and have run through the same process tracking devices down, stopping hacking attempts, firmware upgrades.... It's a big area to learn.
0
 

Author Comment

by:LuiLui77
ID: 39994707
Thank you guys for your comments. I have found out that this device is our DPM server, which is replicating information with our secondary DPM server in the cloud.

This explains the amount of data, but how can I relate this number of 33 MB to the amount of bandwidth that it is consuming at any given time?

I guess that if I can get the period of time that this device took to transfer this amount of data, I would be able to come up with how many megs this device is transmitting every second.

Please enlighten me.
0
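The calculation described in the comment above (bytes transferred divided by the time taken), shown as an added example that is not part of the original thread: it compares two snapshots of a connections table and turns the growth in Tx bytes into Mbps per source IP and a share of the 50 Mbps link. The CSV layout, column names, addresses and counter values are constructed assumptions, not the firewall's export format, and the counters are assumed to be cumulative per connection.

```python
import csv
import io
from collections import defaultdict

LINK_MBPS = 50  # total bandwidth stated in the question

# Constructed sample data: two snapshots taken 60 seconds apart.
# Column names are assumptions, not the firewall's export format.
SNAP_T0 = """src_ip,src_port,dst_ip,dst_port,tx_bytes
192.168.1.20,51512,203.0.113.10,443,33632894
192.168.1.20,51513,203.0.113.10,443,1200000
192.168.1.35,49822,198.51.100.7,80,250000
"""
SNAP_T1 = """src_ip,src_port,dst_ip,dst_port,tx_bytes
192.168.1.20,51512,203.0.113.10,443,258632894
192.168.1.20,51513,203.0.113.10,443,31200000
192.168.1.35,49822,198.51.100.7,80,400000
192.168.1.40,50001,198.51.100.9,443,750000
"""

def load(snapshot):
    """Map each connection 4-tuple to its cumulative Tx byte counter."""
    rows = csv.DictReader(io.StringIO(snapshot))
    return {(r["src_ip"], r["src_port"], r["dst_ip"], r["dst_port"]):
            int(r["tx_bytes"]) for r in rows}

def rates_mbps(snap0, snap1, interval_s):
    """Per-source-IP transmit rate in Mbps over the sampling interval."""
    before, after = load(snap0), load(snap1)
    sent = defaultdict(int)
    for conn, tx1 in after.items():
        tx0 = before.get(conn, 0)  # connection not seen before: starts at 0
        # A counter that went down means the 4-tuple was reused by a fresh
        # connection, so everything it shows was sent inside the interval.
        sent[conn[0]] += tx1 - tx0 if tx1 >= tx0 else tx1
    # bytes -> bits -> per second -> megabits (decimal, as link speeds are quoted)
    return {ip: round(b * 8 / interval_s / 1_000_000, 2) for ip, b in sent.items()}

def report(snap0, snap1, interval_s, link_mbps=LINK_MBPS):
    """Rows of (ip, Mbps, percent of link), heaviest sender first."""
    rates = rates_mbps(snap0, snap1, interval_s)
    rows = ((ip, m, round(m / link_mbps * 100, 1)) for ip, m in rates.items())
    return sorted(rows, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for ip, mbps, pct in report(SNAP_T0, SNAP_T1, 60):
        print(f"{ip:15} {mbps:6.2f} Mbps  {pct:5.1f}% of link")
```

Connections that open and close entirely between the two snapshots are not counted, so a shorter sampling interval gives a closer estimate.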
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994828
That information would only be available in one of those servers if that information was logged and available for you to find.

Any other info we can provide on this question?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 39996052
The computer/device that is using up your bandwidth is part of an active botnet. SonicOS 6.1 has a lot of new features, one of which is botnet detection.

It would be interesting to analyze some of the traffic.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39996062
It sounds like they have already identified the system that's using the bandwidth and it also appears to be normal. They just didn't realize it was using that much bandwidth.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40001364
Have we answered your question?
0
