As many of you know, I have spent the last two weeks posting articles for AskTheAdmin.com. One of the articles I posted was a review of a really cool cloud-based packet analyzer called Cloudshark. I'm currently using Cloudshark along with some other tools like Dumpcap, Wireshark and Microsoft Network Monitor to troubleshoot intermittent network "hiccups" at my company.
Apparently my post about Cloudshark gave one Systems Administrator an idea of how he might be able to track down a problem he's been having. After the article, he sent an email to Karl Gechlik of AskTheAdmin who forwarded it to me. Here is the email:
Hi there, this is in reference to El Di Pablo’s article on Cloudshark, where he states that he was having a “network issue once a week randomly”. I have been the network/systems admin for Biflex for 5 years, and after reading your article, I was wondering if your issue relates to an excessive amount of packets – an issue I’ve been experiencing randomly on their network. Here’s a video of what I am referring to [SEE BELOW]. The packet count goes into the trillions! I was wondering if Cloudshark could help?
Here is the video he mentioned, watch how this one computer is generating trillions of packets!
I honestly have not seen that before. It's certainly not what is happening in my environment. The first thing that comes to mind is possible malware, but I find that answer is usually a cop-out. Another thing that could cause that is a misconfigured NIC. Anthony says the following in the description for the video:
Just wanted to know if anyone has ever seen or heard about something like this?
All computers are the same desktop model (HP DX5150 Business PC running Windows XP SP2). Latest patches and definitions applied. Running a firewall with SPI and other security.
As you can see, the packet size goes into the trillions++.
This issue is largely unnoticed by anyone in the company (clueless PC users), but it does happen to everyone at random times on my Local Area Network. The only solution is to reboot the user's PC, because HP has been working with me on this for 2 months and none of their solutions have fixed this issue. Some network techs I spoke to suggested that one possible reason is that something is broadcasting itself on the network and creating a lot of useless traffic. Another possible reason is some kind of virus that's just going around and around from switch to switch.
I'm sure running a packet analyzer on one of the workstations while it's generating packets like this could help Anthony, or at least give him some insight on what's going on. Have any of you seen this before? Got any clues as to what might be happening here? Let us know in the comments.
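One concrete way to act on that suggestion is to capture on the affected workstation (Dumpcap or Wireshark will write a standard libpcap file) and then ask two questions of the capture: which source MAC is producing most of the frames, and how much of it is broadcast? The script below is an added example written for this post, not code from the original article or from Cloudshark. It contains a small pure-Python reader for the classic libpcap file format (pcapng is not handled), counts frames per source MAC and EtherType, measures the broadcast share, and flags any host responsible for more than half the traffic. The capture it runs on is constructed inline with made-up MAC addresses; it is not traffic from Anthony's network.

```python
"""Triage a libpcap capture for a chatty host or broadcast storm.

Added example, not part of the original post. The sample capture built by
sample_capture() is constructed here with invented MAC addresses.
"""
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
PCAP_MAGIC = 0xA1B2C3D4


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ethernet_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def build_pcap(frames, endian="<", linktype=1):
    """Serialize frames as a classic pcap file (linktype 1 = Ethernet)."""
    # Global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype
    out = [struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for i, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        out.append(struct.pack(endian + "IIII", 1000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic pcap, either byte order."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not supported here)")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break  # truncated record, e.g. dumpcap was still writing the file
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def summarize(data):
    """Count frames per source MAC and EtherType, and how many are broadcast/multicast."""
    by_src, by_type = Counter(), Counter()
    total = broadcast = 0
    for _ts, frame in iter_pcap(data):
        if len(frame) < 14:
            continue  # not a full Ethernet header
        dst, src = frame[0:6], frame[6:12]
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        total += 1
        by_src[mac_str(src)] += 1
        by_type[ETHERTYPES.get(ethertype, hex(ethertype))] += 1
        if dst == BROADCAST or dst[0] & 1:  # group bit set = broadcast or multicast
            broadcast += 1
    return {"total": total, "broadcast": broadcast, "by_src": by_src, "by_type": by_type}


def suspects(summary, share=0.5):
    """Source MACs responsible for more than `share` of all frames, busiest first."""
    total = summary["total"] or 1
    return [(mac, n) for mac, n in summary["by_src"].most_common() if n / total > share]


def sample_capture(endian="<"):
    """Constructed capture: one host flooding ARP requests, one quiet host."""
    chatty = bytes.fromhex("001122334455")  # invented MAC
    quiet = bytes.fromhex("66778899aabb")   # invented MAC
    arp_request = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                              chatty, bytes([192, 168, 1, 10]), b"\x00" * 6, bytes([192, 168, 1, 1]))
    dummy_ip = b"\x45" + b"\x00" * 39  # placeholder payload; IP is not parsed
    frames = [ethernet_frame(BROADCAST, chatty, 0x0806, arp_request) for _ in range(60)]
    frames += [ethernet_frame(chatty, quiet, 0x0800, dummy_ip) for _ in range(3)]
    frames += [ethernet_frame(quiet, chatty, 0x0800, dummy_ip) for _ in range(2)]
    return build_pcap(frames, endian=endian)


if __name__ == "__main__":
    s = summarize(sample_capture())
    print(f"{s['total']} frames, {s['broadcast']} broadcast/multicast, types={dict(s['by_type'])}")
    for mac, n in suspects(s):
        print(f"suspect {mac}: {n} frames ({100 * n / s['total']:.0f}%)")
```

To use it on a real capture, replace `sample_capture()` with `open("capture.pcap", "rb").read()`; if Wireshark saved the file as pcapng, export it as classic pcap first. A single MAC near the top of `suspects()` with a high broadcast share points at that workstation (driver, NIC, or something running on it) rather than at the switches, which is exactly the distinction the two theories above need.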