[nflug] Help- At a Loss
justin.bennett at dynabrade.com
justin.bennett at dynabrade.com
Mon Aug 11 14:17:43 EDT 2008
I took a dump (using ngrep) of 57000 packets brought it into excel, and
did find one infected box sending out 1/2 the packets, but I think it's
not the problem, I shut the box down and had no difference. I thought that
two, but I am going one box at a time and we'll see if we can find the
culprit then manybe find out why.
thanks for the replies to give me something to look for.
"Brad Bartram" <brad.bartram at gmail.com>
Sent by: nflug-bounces at nflug.org
08/11/2008 02:11 PM
Please respond to
nflug at nflug.org
To
nflug at nflug.org
cc
Subject
Re: [nflug] Help- At a Loss
Check for the existence of malware on the windows boxes. Grab a tcp
dump of the network traffic closest to one of the affected nodes and
see if there's anything there that shouldn't be.
Brad
On Mon, Aug 11, 2008 at 2:02 PM, Cyber Source <peter at thecybersource.com>
wrote:
> The first thing that comes to mind are these;
> 1. Duplicate MAC address on the network ?
> 2. Bad termination of an RJ45?
> 3. Some windows box gone hay wire?
>
> justin.bennett at dynabrade.com wrote:
>>
>> Hey guys,
>>
>> This is a little off topic, but I need some help. I'm
experiencing
>> some packet loss on an internal network at one of our remote locations.
I
>> don't understand why, It's network wide, if I try to ping a windows
server
>> from a local desktop, I'll loose between 6-19% of the packets, If I
ping one
>> server from another, or desktop to desktop, I get packet loss, so bad
it's
>> affecting the performance of the network to the point where DNS lookups
fail
>> and sites can't be reached. I thought it was the network switch there,
but I
>> had him replace it with a new one, (different brand) same problem. Is
there
>> anything that may be causing this? I'm looking for thoughts at the
moment.
>> Basically it's windows XP clients doing DHCP to a Linux box running
samba as
>> a file server, and the a Windows 2003 server as their application
system.
>>
>> Thanks
>> Justin
>>
>>
------------------------------------------------------------------------
>>
>> _______________________________________________
>> nflug mailing list
>> nflug at nflug.org
>> http://www.nflug.org/mailman/listinfo/nflug
>>
>
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20080811/8a46bc5a/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 8150 bytes
Desc: not available
Url : http://www.nflug.org/pipermail/nflug/attachments/20080811/8a46bc5a/attachment.gif
More information about the nflug
mailing list