Solved

TCP Bandwidth hog - Out of Order & Retransmission packets

Posted on 2014-04-24
7
738 Views
Last Modified: 2014-04-28
I have one user who when they connect to the VPN at home or connect their laptop to a remote office location (which has VPN tunnel appliance to appliance setup) they are creating a bottleneck of TCP traffic - almost 1MB/min back and forth to the server - most of which is TCP Out of Order or TCP Retransmission packets.  I've played with MTU on her laptop and that doesn't seem to do anything.  Thought it was tied to her wireless adapter but tested with card disabled and on LAN line and still same issue.  Attached you can see the packets - that is all within 2 seconds.  All our VPN users share a 3MB upload from the server - so this is really taking a chunk of bandwidth from all the other VPN/Remote users (10-15 of them).   Does anyone have ANY ideas??
Sharon-Traffic.jpg
0
Comment
Question by:VersaliftEast
  • 3
  • 3
7 Comments
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
One very likely explanation is that the user has a virus that is sending traffic out.

It could be Windows Updates and/or Antivirus updates causing this, but this traffic would diminish in time.

Check the machine thoroughly for malware and viruses.
0
 

Author Comment

by:VersaliftEast
Comment Utility
I did run a full scan with our business AVG AV and also a bitdefender.  neither found anything.   That was my 1st thought too.  I don't see anything weird running in the processes list in the task manager.   Do you have any AV/MW tools you usually use that I should look into instead?  This has been going on for weeks now.
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
Comment Utility
With respect to viruses, you can run Malwarebytes (malwarebytes.org). AVG is decent but not the best antivirus suite.

Another thing to try is to set up a different Windows User Account (Profile) and set up VPN in the new profile. Does traffic occur in the new profile?  It could be profile corruption causing the problem.

Outlook OST lives in the user account. Is it syncing (caching) properly?  Again, a different Windows Profile will help narrow this down.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:VersaliftEast
Comment Utility
Thanks John I will try the new profile option and see what happens there.  Its hard as she doesn't have much down time so not sure when I will get to try this.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Did you try to analyze to which paths the CIFS request (port 445) went? If they are different, a new profile should help much (as no tries to contact different network paths should be made then).
0
 

Author Closing Comment

by:VersaliftEast
Comment Utility
It did end up being a corrupt profile.  Had issues removing the domain profile completely and adding it back in - a few files from the old profile did not want to be removed.  But finally was successful and no more crazy bandwidth hogging the VPN tunnels!  Thank you!
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
@VersaliftEast - Thank you for the update and I was happy to help.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now