Solved

TCP Bandwidth hog - Out of Order & Retransmission packets

Posted on 2014-04-24
7
793 Views
Last Modified: 2014-04-28
I have one user who when they connect to the VPN at home or connect their laptop to a remote office location (which has VPN tunnel appliance to appliance setup) they are creating a bottleneck of TCP traffic - almost 1MB/min back and forth to the server - most of which is TCP Out of Order or TCP Retransmission packets.  I've played with MTU on her laptop and that doesn't seem to do anything.  Thought it was tied to her wireless adapter but tested with card disabled and on LAN line and still same issue.  Attached you can see the packets - that is all within 2 seconds.  All our VPN users share a 3MB upload from the server - so this is really taking a chunk of bandwidth from all the other VPN/Remote users (10-15 of them).   Does anyone have ANY ideas??
Sharon-Traffic.jpg
0
Comment
Question by:VersaliftEast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 40019938
One very likely explanation is that the user has a virus that is sending traffic out.

It could be Windows Updates and/or Antivirus updates causing this, but this traffic would diminish in time.

Check the machine thoroughly for malware and viruses.
0
 

Author Comment

by:VersaliftEast
ID: 40019957
I did run a full scan with our business AVG AV and also a bitdefender.  neither found anything.   That was my 1st thought too.  I don't see anything weird running in the processes list in the task manager.   Do you have any AV/MW tools you usually use that I should look into instead?  This has been going on for weeks now.
0
 
LVL 94

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40019982
With respect to viruses, you can run Malwarebytes (malwarebytes.org). AVG is decent but not the best antivirus suite.

Another thing to try is to set up a different Windows User Account (Profile) and set up VPN in the new profile. Does traffic occur in the new profile?  It could be profile corruption causing the problem.

Outlook OST lives in the user account. Is it syncing (caching) properly?  Again, a different Windows Profile will help narrow this down.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:VersaliftEast
ID: 40019994
Thanks John I will try the new profile option and see what happens there.  Its hard as she doesn't have much down time so not sure when I will get to try this.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40022117
Did you try to analyze to which paths the CIFS request (port 445) went? If they are different, a new profile should help much (as no tries to contact different network paths should be made then).
0
 

Author Closing Comment

by:VersaliftEast
ID: 40027080
It did end up being a corrupt profile.  Had issues removing the domain profile completely and adding it back in - a few files from the old profile did not want to be removed.  But finally was successful and no more crazy bandwidth hogging the VPN tunnels!  Thank you!
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40027367
@VersaliftEast - Thank you for the update and I was happy to help.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question