+ Post New Thread
Results 1 to 10 of 10
Wired Networks Thread, Network Traffic Problems in Technical; Is anyone any good at analysing WireShark captures? I'm not basically! Ive got a school whose network is producing a ...
  1. #1

    Join Date
    Jan 2010
    Location
    Slough
    Posts
    101
    Thank Post
    19
    Thanked 4 Times in 4 Posts
    Rep Power
    20

    Network Traffic Problems

    Is anyone any good at analysing WireShark captures? I'm not basically! Ive got a school whose network is producing a huge amount of network traffic that is causing problem. Its not a loopback.

    A 5 second capture from WireShark is attached - if anyone can give me any ideas or useful tips, I would be very grateful!!

    Thanks!!
    Attached Files Attached Files

  2. #2

    Join Date
    Oct 2005
    Posts
    821
    Thank Post
    51
    Thanked 110 Times in 100 Posts
    Rep Power
    63
    I'd have a quick word with Mrs Gerard who appears to be doing a lot of file copy/move operations from workstation 172.19.41.135.

    Other than that... looks all pretty legit to me.

  3. #3
    Diello's Avatar
    Join Date
    Jun 2005
    Location
    Kent, England
    Posts
    1,063
    Thank Post
    112
    Thanked 228 Times in 128 Posts
    Rep Power
    74
    All of your traffic from 172.190.41.250 is creating IP checksum errors which is unlikely to be helping. I would presume this is a server - I would suggest you 1) upgrade the drivers on that machines NIC, and 2) take a look at the settings on that machines NIC and disable any Checksum Offload features (via Device Manager or the NICs seperate utility if one is available). See if that makes a difference.

  4. Thanks to Diello from:

    mtillbrook (1st July 2011)

  5. #4
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    I agree 172.19.41.250 and 172.19.41.135 are both having ilegal check sums one might be the server. Try a different nic card or driver. One of these might be the server receiving all the checksums from the client.

    Richard

  6. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    HI

    I know this will be a silly question but are you using a windows 2008 server?

    Richard

  7. #6

    Join Date
    Jan 2010
    Location
    Slough
    Posts
    101
    Thank Post
    19
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    It is indeed server 2008r2

  8. #7
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    You could try to disable those special nic capabilities by running (in a dos box):

    netsh interface tcp set global rss=disabled
    netsh interface tcp set global chimney=disabled
    netsh interface tcp set global netdma=disabled

    bio..

  9. Thanks to bio from:

    mtillbrook (1st July 2011)

  10. #8
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Have a look here for details of how Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008 and are you using ip6 if you are not it might also be worth disabling ip6 on the servers.
    How to disable certain Internet Protocol version 6 &#40IPv6&#41 components in Windows Vista, Windows 7, and Windows Server 2008

    Sorry I forgot are you getting event id 2012 on the server
    Richard

  11. #9

    Join Date
    Jan 2010
    Location
    Slough
    Posts
    101
    Thank Post
    19
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    Hi Guys

    Thanks for all the replies on this - I have done some of the things mentioned above and things seem to have calmed down a fair bit. Hopefully that will be the issues resolved now but I'll post back if not!!

    Thanks again!

  12. #10

    Join Date
    Feb 2009
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Just came accross your post - thought I 'd ask - did you check the switch logs for broken packets, runts etc. quite often things like this can be caused by a port mis-match; auto on one end, 100 full the other. Then what happens is that as broken packets are dumped by the recieving node which then proceeds to send out a resend request. So traffic builds up quick, worse case senario a broadcast storm.

SHARE:
+ Post New Thread

Similar Threads

  1. network traffic analyzer
    By ful56_uk in forum Network and Classroom Management
    Replies: 5
    Last Post: 9th September 2010, 09:37 AM
  2. Seperating Network Traffic
    By Mr.Ben in forum How do you do....it?
    Replies: 2
    Last Post: 12th November 2009, 11:39 AM
  3. Network traffic reports
    By CraigM in forum Wireless Networks
    Replies: 11
    Last Post: 15th March 2008, 12:09 AM
  4. Analyse Network Traffic
    By SpuffMonkey in forum How do you do....it?
    Replies: 10
    Last Post: 15th January 2006, 06:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •