<br><font size=2 face="sans-serif">I took a dump (using ngrep) of 57000
packets brought it into excel, and did find one infected box sending out
1/2 the packets, but I think it's not the problem, I shut the box down
and had no difference. I thought that two, but I am going one box at a
time and we'll see if we can find the culprit then manybe find out why.</font>
<br>
<br><font size=2 face="sans-serif">thanks for the replies to give me something
to look for.</font>
<br>
<br><font size=2 face="sans-serif"><br>
</font><img src=cid:_1_07603F0407603CDC00647C1E852574A2>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Brad Bartram"
<brad.bartram@gmail.com></b> </font>
<br><font size=1 face="sans-serif">Sent by: nflug-bounces@nflug.org</font>
<p><font size=1 face="sans-serif">08/11/2008 02:11 PM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
nflug@nflug.org</font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">nflug@nflug.org</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [nflug] Help- At a Loss</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2>Check for the existence of malware on the windows
boxes. Grab a tcp<br>
dump of the network traffic closest to one of the affected nodes and<br>
see if there's anything there that shouldn't be.<br>
<br>
Brad<br>
<br>
On Mon, Aug 11, 2008 at 2:02 PM, Cyber Source <peter@thecybersource.com>
wrote:<br>
> The first thing that comes to mind are these;<br>
> 1. Duplicate MAC address on the network ?<br>
> 2. Bad termination of an RJ45?<br>
> 3. Some windows box gone hay wire?<br>
><br>
> justin.bennett@dynabrade.com wrote:<br>
>><br>
>> Hey guys,<br>
>><br>
>> This is a little off topic, but I need
some help. I'm experiencing<br>
>> some packet loss on an internal network at one of our remote locations.
I<br>
>> don't understand why, It's network wide, if I try to ping a windows
server<br>
>> from a local desktop, I'll loose between 6-19% of the packets,
If I ping one<br>
>> server from another, or desktop to desktop, I get packet loss,
so bad it's<br>
>> affecting the performance of the network to the point where DNS
lookups fail<br>
>> and sites can't be reached. I thought it was the network switch
there, but I<br>
>> had him replace it with a new one, (different brand) same problem.
Is there<br>
>> anything that may be causing this? I'm looking for thoughts at
the moment.<br>
>> Basically it's windows XP clients doing DHCP to a Linux box running
samba as<br>
>> a file server, and the a Windows 2003 server as their application
system.<br>
>><br>
>> Thanks<br>
>> Justin<br>
>><br>
>> ------------------------------------------------------------------------<br>
>><br>
>> _______________________________________________<br>
>> nflug mailing list<br>
>> nflug@nflug.org<br>
>> </font></tt><a href=http://www.nflug.org/mailman/listinfo/nflug><tt><font size=2>http://www.nflug.org/mailman/listinfo/nflug<br>
>><br>
><br>
> _______________________________________________<br>
> nflug mailing list<br>
> nflug@nflug.org<br>
> </font></tt><a href=http://www.nflug.org/mailman/listinfo/nflug><tt><font size=2>http://www.nflug.org/mailman/listinfo/nflug<br>
><br>
_______________________________________________<br>
nflug mailing list<br>
nflug@nflug.org<br>
</font></tt><a href=http://www.nflug.org/mailman/listinfo/nflug><tt><font size=2>http://www.nflug.org/mailman/listinfo/nflug<br>
</font></tt></a></a></a>
<br>