+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Internet Related/Filtering/Firewall Thread, keep getting loads of packets addressed to127.0.0.1 in Technical; Hi i am having problems with loads of trash packets being sent to the default gateway which then slows the ...
  1. #1

    Join Date
    Mar 2010
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Exclamation keep getting loads of packets addressed to127.0.0.1

    Hi

    i am having problems with loads of trash packets being sent to the default gateway which then slows the network right down. our isp / lea people are saying that they are getting loads of packets from the following address 127.0.0.1

    obv this is the address that you ping to check the local nic so i cant just do a quick search for it and then go and kill the device. or is there???

    this is causing the network to slow down and causing the internet to freeze and hang also i have noticed lag in exploring the network caused by this back log of packets on the line.


    at the moment im switching off a building at a time and then having to call them back to see if they are still getting the packets. this work can only be done out of hours and only till 6pm as they go home so as you can guess this is a very slow!!

    does any one know of a faster way of doing this or how i can search to find out where this is coming from??
    Last edited by mhchs; 2nd March 2010 at 07:27 PM.

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    try running this Wireshark About also do you have an ISA server in the middle between your network and there default gateway?

  3. #3

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Ethereal is another...

    Ethereal: A Network Protocol Analyzer

  4. #4

    Join Date
    Mar 2010
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Smile

    Hi

    ok thanks i will try this out tomorrow. i have seen this being used before but im not quite sure how to set up the capture??

    yeah there is an isa server but its more used for checking people coming in through to our web mail server, can i still use it to track this down then??

  5. #5

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Quote Originally Posted by mhchs View Post
    Hi

    ok thanks i will try this out tomorrow. i have seen this being used before but im not quite sure how to set up the capture??

    yeah there is an isa server but its more used for checking people coming in through to our web mail server, can i still use it to track this down then??
    hmm, it depends how you have it set up, at my place we have it physically between us and the internet so nic 1 is lan nic 2 is wan, if it is set up like that (might be possible if not). without connecting to it from here ( which i can't as i can't get the vpn client working on my linux box!) theres an option to view a live log and you can set filters up etc to limit what is being shown. i would suggest tho that if its sending masses of packets that its some type of virus.


    as for setting up wireshark to look theres a video available Wireshark Introduction

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by mattx View Post
    Ethereal is another...
    Ethereal is what Wireshark used to be called before they changed the name. I'm surprised the site is even still there, but although it hasn't been updated in years, the SourceForge download links take you to the Wireshark project page.

  7. #7

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Quote Originally Posted by mhchs View Post
    Hi

    ok thanks i will try this out tomorrow. i have seen this being used before but im not quite sure how to set up the capture??

    yeah there is an isa server but its more used for checking people coming in through to our web mail server, can i still use it to track this down then??
    I suggest you have a quick read through the FAQs / Instructions - capture a 10 second blast on a segment of your network where you know you are getting problems - then post the data [ zip it up as it will be quite large ] and let a few people look at the data - you may get a few conflicting results from people but I am sure one or two of us will agree.....

  8. #8

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Quote Originally Posted by AngryTechnician View Post
    Ethereal is what Wireshark used to be called before they changed the name. I'm surprised the site is even still there, but although it hasn't been updated in years, the SourceForge download links take you to the Wireshark project page.
    Fair enough, just proves how old I am when it comes to using certain applications !!!

  9. #9

    Join Date
    Mar 2010
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    excellent, nice one everybody i will give it a go and post up what i find. thanks

  10. #10

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    also check your anti-virus server as it may have picked things up that you don't want - but hasn't installed properly on the machine that is sending the packets - also check domain controllers for mass failed login attempts

  11. #11

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    any luck find the machine?

  12. #12

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    55
    If you have ISA 2006, as long as you have ISA Server 2006 Supportability Update (KB939455) applied to your ISA server you can use the Log Viewer (Logging tab in Monitoring) to filter and view all traffic in the logs - doesn't have to be live data: just change the Log Time from "Live" to whatever interval you want to examine.

  13. #13

    Join Date
    Mar 2010
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi work was mental so i didnt get to do it yesterday. just done my first capture but cant make head nor tail of it i have attached the file can any one make sense of this??
    Attached Files Attached Files

  14. #14

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,756
    Thank Post
    3,265
    Thanked 1,052 Times in 973 Posts
    Rep Power
    365
    Quote Originally Posted by AngryTechnician View Post
    Ethereal is what Wireshark used to be called before they changed the name. I'm surprised the site is even still there, but although it hasn't been updated in years, the SourceForge download links take you to the Wireshark project page.
    mattx - say hello to the future , future say hello to mattx - as above its now wire shark which as angrytech stated above.

  15. #15

    Join Date
    Mar 2010
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    just a quick one this is the reports that our isp is giving us

    Inuse Entries: 43 Perm Entries: 0
    Pending Entries: 0
    Out Request: 14 Out Response: 0
    In Request: 156 In Response: 14
    Proxy Answered: 0
    Rx Error: 0 Dup IP Addr: 0
    Rejected count: 5 Rejected IP: 127.0.0.1
    Rejected Port: 2 Rejected I/F: bnt-mhh-cu

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. [Video] Video about packets...
    By mossj in forum Jokes/Interweb Things
    Replies: 4
    Last Post: 5th February 2010, 11:19 PM
  2. Loads a Work
    By Simcfc73 in forum General Chat
    Replies: 2
    Last Post: 22nd January 2010, 10:19 PM
  3. embc webserver issues addressed
    By sparkeh in forum East Midlands Broadband Consortium (EMBC)
    Replies: 7
    Last Post: 12th January 2010, 09:19 AM
  4. [CLOSED] Improvement: Ad Block Splash before Ad Loads
    By kmount in forum EduGeek.net Site Problems
    Replies: 4
    Last Post: 5th September 2008, 12:42 PM
  5. SMB Packets
    By AJT1 in forum Wireless Networks
    Replies: 6
    Last Post: 12th February 2008, 12:56 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •