One of our servers is generating unknown UDP traffic that floods our network, rendering it unusable. The problem seems to be getting progressively worse. At first, we thought that a new switch (which we took off-line) was just locking up. This is how we discovered that powering off our main switch (the one all of our servers are connected to) resolves the problem for a while.
When the problem continued to surface, we installed Ethereal to analyze the network's traffic. We discovered that when the problem would occur, one of our servers was sending UDP packets to a certain client. So we disabled the integrated network card on the server and installed another NIC.
The problem surfaced again a day or two later, and Ethereal revealed that the SAME server was again flooding the network with UDP packets to a DIFFERENT client. But this time when we cycled the power on the switch, the problem returned only a few minutes later.
Not only does the client (source address) change with each occurrence, but the destination AND source ports seem to change with each instance.
The last time this occurred, we disconnected the server from the network and sure enough the problem stopped. We then ran an anti-virus check (all systems go), rebooted the server, and have reconnected it to the network (since we do need it).
Server System Info
Windows Server 200
- Domain Controller (No FSMO Roles)
- Global Catalog
- DNS
- WINS
- DHCP
Exchange Server 200
Ethereal Output
- Each group is a single instance of the problem. During each instance, there are hundreds of each of these packets when the problem occurs.
Source/Destination/Protocol/Info
192.168.1.11/192.168.1.152/UDP/Source port: 40122 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40152 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40214 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40183 Destination port: 115
192.168.1.11/192.168.1.129/UDP/Source port: 41801 Destination port: 230
192.168.1.11/192.168.1.129/UDP/Source port: 41838 Destination port: 230
192.168.1.11/192.168.1.129/UDP/Source port: 41801 Destination port: 230
192.168.1.11/192.168.1.143/UDP/Source port: 46634 Destination port: 145
192.168.1.11/192.168.1.143/UDP/Source port: 46602 Destination port: 145
192.168.1.11/192.168.1.143/UDP/Source port: 46604 Destination port: 145
192.168.1.11/192.168.1.169/UDP/Source port: 39002 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38980 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38959 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38984 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38974 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38962 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38953 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38941 Destination port: 111
192.168.1.11/192.168.1.169/UDP/Source port: 38996 Destination port: 1114
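For triage of a capture like the one above, the following is an added example (not part of the original post) that parses summary lines in the post's `Source/Destination/Protocol/Info` layout and groups them into bursts per source/destination pair. The function names and the `SAMPLE` text are assumptions made for illustration; the sample reuses a few lines in the form they appear in the post.

```python
import re

# One summary line: src/dst/proto/"Source port: N Destination port: M"
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+)/(?P<dst>[\d.]+)/(?P<proto>\w+)/"
    r"Source port: (?P<sport>\d+)\s+Destination port: (?P<dport>\d+)$"
)

# Sample input in the post's layout (embedded so the script runs offline).
SAMPLE = """\
192.168.1.11/192.168.1.152/UDP/Source port: 40122 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40152 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40214 Destination port: 115
192.168.1.11/192.168.1.152/UDP/Source port: 40183 Destination port: 115
192.168.1.11/192.168.1.129/UDP/Source port: 41801 Destination port: 230
192.168.1.11/192.168.1.129/UDP/Source port: 41838 Destination port: 230
192.168.1.11/192.168.1.129/UDP/Source port: 41801 Destination port: 230
"""

def summarize(text):
    """Group consecutive lines sharing (src, dst, proto) into bursts."""
    bursts = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip headers, blank lines, other protocols' formats
        key = (m["src"], m["dst"], m["proto"])
        if not bursts or bursts[-1]["key"] != key:
            bursts.append({"key": key, "packets": 0,
                           "sports": set(), "dports": set()})
        burst = bursts[-1]
        burst["packets"] += 1
        burst["sports"].add(int(m["sport"]))
        burst["dports"].add(int(m["dport"]))
    return bursts

def single_talker(bursts):
    """Return the source address if every burst shares one, else None."""
    sources = {b["key"][0] for b in bursts}
    return sources.pop() if len(sources) == 1 else None

def sport_span(burst):
    """Width of the source-port range used within one burst."""
    return max(burst["sports"]) - min(burst["sports"])

if __name__ == "__main__":
    found = summarize(SAMPLE)
    print("single source:", single_talker(found))
    for b in found:
        src, dst, proto = b["key"]
        print(f"{src} -> {dst} {proto}: {b['packets']} pkts, "
              f"dports={sorted(b['dports'])}, sport span={sport_span(b)}")
```

A burst with one fixed destination port and source ports clustered in a narrow range points at a single process on the server, so the next step on the host is mapping those source ports to the owning process while a burst is active.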