Keep getting loads of packets addressed to 127.0.0.1
Hi
I am having problems with loads of trash packets being sent to the default gateway, which then slows the network right down. Our ISP / LEA people are saying that they are getting loads of packets from the following address: 127.0.0.1
Obviously this is the address that you ping to check the local NIC, so I can't just do a quick search for it and then go and kill the device. Or is there???
This is causing the network to slow down and causing the internet to freeze and hang. Also, I have noticed lag in exploring the network caused by this backlog of packets on the line.
At the moment I'm switching off a building at a time and then having to call them back to see if they are still getting the packets. This work can only be done out of hours and only till 6pm as they go home, so as you can guess this is very slow!!
Does anyone know of a faster way of doing this, or how I can search to find out where this is coming from??
OK thanks, I will try this out tomorrow. I have seen this being used before but I'm not quite sure how to set up the capture??
Yeah, there is an ISA server but it's more used for checking people coming in through to our web mail server. Can I still use it to track this down then??
Hmm, it depends how you have it set up. At my place we have it physically between us and the internet, so NIC 1 is LAN and NIC 2 is WAN. If it is set up like that (might be possible if not), without connecting to it from here (which I can't, as I can't get the VPN client working on my Linux box!), there's an option to view a live log and you can set filters up etc. to limit what is being shown. I would suggest though that if it's sending masses of packets, it's some type of virus.
Ethereal is what Wireshark used to be called before they changed the name. I'm surprised the site is even still there, but although it hasn't been updated in years, the SourceForge download links take you to the Wireshark project page.
I suggest you have a quick read through the FAQs / Instructions - capture a 10 second blast on a segment of your network where you know you are getting problems - then post the data [ zip it up as it will be quite large ] and let a few people look at the data - you may get a few conflicting results from people but I am sure one or two of us will agree.....
Fair enough, just proves how old I am when it comes to using certain applications !!!
Also check your anti-virus server as it may have picked things up that you don't want - but hasn't installed properly on the machine that is sending the packets. Also check domain controllers for mass failed login attempts.
If you have ISA 2006, as long as you have ISA Server 2006 Supportability Update (KB939455) applied to your ISA server you can use the Log Viewer (Logging tab in Monitoring) to filter and view all traffic in the logs - doesn't have to be live data: just change the Log Time from "Live" to whatever interval you want to examine.
Hi, work was mental so I didn't get to do it yesterday. Just done my first capture but can't make head nor tail of it. I have attached the file; can anyone make sense of this??
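Added example, not part of any post in this thread: one way to make sense of such a capture is to ignore the bogus 127.0.0.1 source address and tally the Ethernet source MAC of every frame that carries it, since the MAC still points at the sending NIC. It assumes the capture was saved in classic pcap format and taken on the same layer-2 segment as the sender (past a router, the MAC would be the router's); the sample frames and MAC addresses are constructed.

```python
import struct
from collections import Counter

def loopback_senders(pcap: bytes) -> Counter:
    """Count frames per Ethernet source MAC whose IPv4 source is in 127.0.0.0/8."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (save pcapng captures as pcap first)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00" and len(frame) >= 18:  # skip one 802.1Q VLAN tag
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue  # not IPv4, or truncated before the end of the IP header
        if frame[l3 + 12] == 127:  # first octet of the IPv4 source address
            counts[frame[6:12].hex(":")] += 1  # bytes 6..11 = sender's MAC
    return counts

def _frame(src_mac: str, src_ip: str) -> bytes:
    """Constructed sample frame: Ethernet header + bare IPv4 header, no payload."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes([203, 0, 113, 9]))
    return eth + ip

def sample_pcap() -> bytes:
    """Constructed capture: 4 spoofed-loopback frames from one MAC, 1 normal frame."""
    frames = [_frame("02:00:00:00:00:aa", "127.0.0.1")] * 3 + [
        _frame("02:00:00:00:00:bb", "192.168.1.20"),
        _frame("02:00:00:00:00:aa", "127.0.0.1")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, n in loopback_senders(sample_pcap()).most_common():
        print(f"{mac}  {n} frames with a 127.x.x.x source")
```

The MAC with the highest count can then be looked up in the switch's MAC address table to find the port, which replaces switching off one building at a time.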
mattx - say hello to the future, future say hello to mattx - as above, it's now Wireshark, as angrytech stated above.