29th June 2011, 02:30 PM #1
Network Traffic Problems
Is anyone any good at analysing WireShark captures? I'm not, basically! I've got a school whose network is producing a huge amount of network traffic that is causing problems. It's not a loopback.
A 5 second capture from WireShark is attached - if anyone can give me any ideas or useful tips, I would be very grateful!!
29th June 2011, 02:44 PM #2
I'd have a quick word with Mrs Gerard who appears to be doing a lot of file copy/move operations from workstation 172.19.41.135.
Other than that... looks all pretty legit to me.
29th June 2011, 04:57 PM #3
All of your traffic from 188.8.131.52 is creating IP checksum errors which is unlikely to be helping. I would presume this is a server - I would suggest you 1) upgrade the drivers on that machine's NIC, and 2) take a look at the settings on that machine's NIC and disable any Checksum Offload features (via Device Manager or the NIC's separate utility if one is available). See if that makes a difference.
30th June 2011, 11:41 AM #4
I agree, 172.19.41.250 and 172.19.41.135 are both having illegal checksums; one might be the server. Try a different NIC card or driver. One of these might be the server receiving all the checksums from the client.
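Added example, not part of the original thread: a Python check that recomputes IPv4 header checksums and counts the failures per source address. When checksum offload is enabled the NIC fills in the checksum after the capture point, so failures that come only from the machine running the capture point to an offload artifact rather than corruption on the wire. The packets are constructed samples, and treating 172.19.41.250 as the capture host is an assumption.

```python
import socket
import struct
from collections import Counter

def ipv4_header_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header, checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, checksum=None) -> bytes:
    """Constructed 20-byte IPv4 header; checksum=None stores the correct value."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 128, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    if checksum is None:
        checksum = ipv4_header_checksum(hdr)
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]

def bad_checksums_by_source(packets):
    """Count, per source IP, packets whose stored checksum is not the computed one."""
    bad = Counter()
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
            continue  # not a complete IPv4 header
        stored = struct.unpack("!H", pkt[10:12])[0]
        if stored != ipv4_header_checksum(pkt[:ihl]):
            bad[socket.inet_ntoa(pkt[12:16])] += 1
    return bad

def likely_offload_artifact(bad, capture_host: str) -> bool:
    """True when every bad checksum was sent by the machine running the capture."""
    return bool(bad) and set(bad) == {capture_host}

# Constructed sample: the assumed capture host sends packets whose checksum
# field is still unfilled (0); the peer's packet arrives with a valid checksum.
SAMPLE = [
    build_header("172.19.41.250", "172.19.41.135", checksum=0),
    build_header("172.19.41.250", "172.19.41.135", checksum=0),
    build_header("172.19.41.135", "172.19.41.250"),
]

if __name__ == "__main__":
    bad = bad_checksums_by_source(SAMPLE)
    print(dict(bad), likely_offload_artifact(bad, "172.19.41.250"))
```

If bad checksums also show up from hosts other than the one running the capture, the offload explanation does not cover them and the NIC, driver or cabling checks suggested in the thread are the next step.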
30th June 2011, 11:44 AM #5
I know this will be a silly question, but are you using a Windows 2008 server?
30th June 2011, 10:06 PM #6
It is indeed Server 2008 R2.
1st July 2011, 08:30 AM #7
You could try to disable those special NIC capabilities by running (in a DOS box):
netsh interface tcp set global rss=disabled
netsh interface tcp set global chimney=disabled
netsh interface tcp set global netdma=disabled
1st July 2011, 05:35 PM #8
Have a look here for details: Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008. Are you using IPv6? If you are not, it might also be worth disabling IPv6 on the servers:
How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008
Sorry, I forgot: are you getting event ID 2012 on the server?
1st July 2011, 05:50 PM #9
Thanks for all the replies on this - I have done some of the things mentioned above and things seem to have calmed down a fair bit. Hopefully that will be the issues resolved now but I'll post back if not!!
31st August 2011, 08:30 PM #10
Just came across your post - thought I'd ask - did you check the switch logs for broken packets, runts etc.? Quite often things like this can be caused by a port mismatch: auto on one end, 100 full on the other. Then what happens is that broken packets are dumped by the receiving node, which then proceeds to send out a resend request. So traffic builds up quickly; worst-case scenario, a broadcast storm.