No announcement yet.

Trouble shooting broadcast computer the remote location

  • Filter
  • Time
  • Show
Clear All
new posts

  • Trouble shooting broadcast computer the remote location

    Hello Team,

    I have a remote network location that during peak hour the internet on that network going so slow. I suspect there is computer somewhere on that work doing something funky.
    I test the bandwidth after hour and the network acting normal.

    What is the best tool or way to trouble shooting remotely without using the staff at the remote location to shutdown one pc at a time?

    The network is simple. I have Watchguard SOHO 6 as the firewall, and old Dell Power connect switches


  • #2
    Re: Trouble shooting broadcast computer the remote location

    You should be able to log your outgoing traffic to look for repeated connections from the same host and then look at unusual non-standard ports. A better option if the watchguard supports it is to enable netflow and export the data to a collector. Cisco devices will let you use netflow without a collector (Netflow top talkers) but I am not sure the watchguard offers that. Also if the switches are managed I would have a look at those logs as well for unusual broadcast, multicast traffic, CAM overflow etc, mac spoofing etc. You can do some sniffing with Wireshark
    Last edited by auglan; 14th June 2012, 14:21.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)