Try running Wireshark. Also, do you have an ISA server in the middle between your network and their default gateway?
I am having problems with loads of trash packets being sent to the default gateway, which then slows the network right down. Our ISP / LEA people are saying that they are getting loads of packets from the following address: 127.0.0.1
Obviously this is the address that you ping to check the local NIC, so I can't just do a quick search for it and then go and kill the device. Or is there?
This is causing the network to slow down and causing the internet to freeze and hang. Also, I have noticed lag in exploring the network caused by this backlog of packets on the line.
At the moment I'm switching off a building at a time and then having to call them back to see if they are still getting the packets. This work can only be done out of hours and only till 6pm as they go home, so as you can guess this is very slow!
Does anyone know of a faster way of doing this, or how I can search to find out where this is coming from?
Last edited by mhchs; 2nd March 2010 at 07:27 PM.
OK, thanks, I will try this out tomorrow. I have seen this being used before but I'm not quite sure how to set up the capture?
Yeah, there is an ISA server, but it's more used for checking people coming in through to our web mail server. Can I still use it to track this down then?
As for setting up Wireshark to look, there's a video available: Wireshark Introduction
Excellent, nice one everybody. I will give it a go and post up what I find. Thanks.
Also check your anti-virus server, as it may have picked things up that you don't want but hasn't installed properly on the machine that is sending the packets. Also check domain controllers for mass failed login attempts.
Any luck finding the machine?
If you have ISA 2006, as long as you have ISA Server 2006 Supportability Update (KB939455) applied to your ISA server you can use the Log Viewer (Logging tab in Monitoring) to filter and view all traffic in the logs - doesn't have to be live data: just change the Log Time from "Live" to whatever interval you want to examine.
Hi, work was mental so I didn't get to do it yesterday. Just done my first capture but can't make head nor tail of it. I have attached the file; can anyone make sense of this?
Just a quick one: these are the reports that our ISP is giving us:
Inuse Entries: 43 Perm Entries: 0
Pending Entries: 0
Out Request: 14 Out Response: 0
In Request: 156 In Response: 14
Proxy Answered: 0
Rx Error: 0 Dup IP Addr: 0
Rejected count: 5 Rejected IP: 127.0.0.1
Rejected Port: 2 Rejected I/F: bnt-mhh-cu
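An added example, not posted by anyone in this thread: one way to pull the real sender out of a capture is to list the Ethernet source MAC of every IPv4 packet or ARP frame that claims 127.0.0.1, since the MAC identifies the NIC even when the IP is bogus. It assumes the capture was saved in classic pcap format (not pcapng) on an Ethernet link; the function names and the sample MACs and addresses are made up for illustration.

```python
import struct
from collections import Counter

LOOPBACK = bytes([127, 0, 0, 1])

def loopback_senders(pcap: bytes) -> Counter:
    """Count Ethernet source MACs of IPv4/ARP frames that claim 127.0.0.1."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (re-save pcapng as pcap)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        etype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if etype == 0x8100 and len(frame) >= 18:   # step over one 802.1Q tag
            etype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if etype == 0x0800:                        # IPv4 source address field
            claimed = frame[l3 + 12:l3 + 16]
        elif etype == 0x0806:                      # ARP sender protocol address
            claimed = frame[l3 + 14:l3 + 18]
        else:
            continue
        if claimed == LOOPBACK:
            hits[frame[6:12].hex(":")] += 1        # MAC of the real sender NIC
    return hits

def build_sample_pcap() -> bytes:  # constructed capture; all values made up
    def eth(src_mac, etype, payload):
        return b"\xff" * 6 + bytes.fromhex(src_mac) + struct.pack("!H", etype) + payload
    def arp(spa):
        return struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(6) + spa + bytes(10)
    def ipv4(src):
        return bytes([0x45, 0, 0, 20]) + bytes(4) + bytes([64, 17, 0, 0]) + src + bytes([10, 0, 0, 1])
    frames = [
        eth("020000000abc", 0x0806, arp(LOOPBACK)),              # bad ARP
        eth("020000000abc", 0x0800, ipv4(LOOPBACK)),             # bad IPv4
        eth("020000000def", 0x0806, arp(bytes([10, 0, 0, 5]))),  # normal ARP
        eth("020000000abc", 0x8100, b"\x00\x0a\x08\x06" + arp(LOOPBACK)),  # VLAN 10
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the bytes of the saved pcap file to `loopback_senders` and look the reported MAC up in the switch MAC address tables to find the port it is plugged into.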