Help Troubleshooting Office Network Traffic

chisiang

I'm no expert in networking, thought maybe this is the place to seek enlightenment.

There are 3 PCs on my company's network that are generating 30% of the entire office's traffic. My company has about 100+ PCs, mostly blocked from web content.

PC1: 44,023,823 packets | 62.2GB
PC2: 38,954,530 packets | 48.8GB
PC3: 33,246,492 packets | 37.3GB

Are these normal at all? They are all HTTP-ALT port 8080 traffic.

Outbound Traffic outnumbered inbound by 34Mbps:1.63Mbps

Even during ghost hours like 1-4am there is still traffic generated.

And the firewall is showing the below, which I assumed are malware/virus footprints.

- OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt
- FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt
- PROTOCOL-DNS DNS query amplification attempt

Any help will be much appreciated.

TIA
 

dryteletubby

Try LibreNMS, it's free open source software, or look at the logs from your router.
 

Ah-Pin-Kor

Did you log in to the PCs to see what services and processes are running? If nobody owns up then just disconnect them first and analyze later.
 

Trans-Am

Prawn farm?
 

tanfwc

You should dump the process list and find out what is consuming the bandwidth.

Pretty sure with 100 PCs your company should have some IT dept.
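
The process dump suggested in the replies above could look like this on one of the three PCs. This is an added example, not part of any poster's reply; it assumes the PCs run Windows (the firewall alerts name Windows), an elevated PowerShell session, and a hypothetical output path.

```powershell
# Added example. Assumes Windows and an elevated PowerShell 5.1+ session.
$port   = 8080                                       # port named in the thread
$outCsv = Join-Path $env:TEMP 'port8080-triage.csv'  # hypothetical output path

# Index running processes by PID so each connection can be joined to its owner.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Every TCP connection that uses the port on either end, with its owning process.
$rows = @(
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -eq $port -or $_.LocalPort -eq $port } |
    ForEach-Object {
        $p      = $procs[[int]$_.OwningProcess]
        $parent = if ($p) { $procs[[int]$p.ParentProcessId] }
        # Signature status of the binary on disk; unsigned files stand out.
        $sig = if ($p -and $p.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        } else { 'NoPath' }
        [pscustomobject]@{
            ProcessId   = $_.OwningProcess
            Name        = if ($p) { $p.Name } else { '<exited>' }
            Parent      = if ($parent) { $parent.Name } else { '' }
            State       = $_.State
            Local       = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote      = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Path        = if ($p) { $p.ExecutablePath } else { '' }
            Signature   = $sig
            CommandLine = if ($p) { $p.CommandLine } else { '' }
        }
    }
)

# Per-process summary: connection count and number of distinct remote endpoints.
$rows | Group-Object ProcessId, Name |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Process'; e = { $_.Name } },
        @{ n = 'RemoteEndpoints'; e = { @($_.Group.Remote | Sort-Object -Unique).Count } } |
    Format-Table -AutoSize

# Keep the full detail so the PC can be disconnected now and analyzed later.
$rows | Export-Csv -Path $outCsv -NoTypeInformation
```

This is a point-in-time snapshot of connections, not a byte count, so run it while the traffic is visible on the firewall and compare the remote endpoints against the firewall log.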
 