Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

TCP Bandwidth hog - Out of Order & Retransmission packets

Posted on 2014-04-24
7
Medium Priority
?
878 Views
Last Modified: 2014-04-28
I have one user who when they connect to the VPN at home or connect their laptop to a remote office location (which has VPN tunnel appliance to appliance setup) they are creating a bottleneck of TCP traffic - almost 1MB/min back and forth to the server - most of which is TCP Out of Order or TCP Retransmission packets.  I've played with MTU on her laptop and that doesn't seem to do anything.  Thought it was tied to her wireless adapter but tested with card disabled and on LAN line and still same issue.  Attached you can see the packets - that is all within 2 seconds.  All our VPN users share a 3MB upload from the server - so this is really taking a chunk of bandwidth from all the other VPN/Remote users (10-15 of them).   Does anyone have ANY ideas??
Sharon-Traffic.jpg
0
Comment
Question by:VersaliftEast
  • 3
  • 3
7 Comments
 
LVL 100

Expert Comment

by:John Hurst
ID: 40019938
One very likely explanation is that the user has a virus that is sending traffic out.

It could be Windows Updates and/or Antivirus updates causing this, but this traffic would diminish in time.

Check the machine thoroughly for malware and viruses.
0
 

Author Comment

by:VersaliftEast
ID: 40019957
I did run a full scan with our business AVG AV and also a bitdefender.  neither found anything.   That was my 1st thought too.  I don't see anything weird running in the processes list in the task manager.   Do you have any AV/MW tools you usually use that I should look into instead?  This has been going on for weeks now.
0
 
LVL 100

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40019982
With respect to viruses, you can run Malwarebytes (malwarebytes.org). AVG is decent but not the best antivirus suite.

Another thing to try is to set up a different Windows User Account (Profile) and set up VPN in the new profile. Does traffic occur in the new profile?  It could be profile corruption causing the problem.

Outlook OST lives in the user account. Is it syncing (caching) properly?  Again, a different Windows Profile will help narrow this down.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:VersaliftEast
ID: 40019994
Thanks John I will try the new profile option and see what happens there.  Its hard as she doesn't have much down time so not sure when I will get to try this.
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 40022117
Did you try to analyze to which paths the CIFS request (port 445) went? If they are different, a new profile should help much (as no tries to contact different network paths should be made then).
0
 

Author Closing Comment

by:VersaliftEast
ID: 40027080
It did end up being a corrupt profile.  Had issues removing the domain profile completely and adding it back in - a few files from the old profile did not want to be removed.  But finally was successful and no more crazy bandwidth hogging the VPN tunnels!  Thank you!
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40027367
@VersaliftEast - Thank you for the update and I was happy to help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month10 days, 9 hours left to enroll

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question