3 Replies Latest reply on Jan 9, 2015 9:58 AM by Leon Adato

    Client-Server connection- generate rubbish traffic

    slavey.dishkov@scansource.eu

      I like this training,  I have a question: In our organization I see this type of
      issue from time to time:   User in remote office (client machine) end up with connection
      to server, like constant file transfer.

      when I login on the client (user station, PC, laptop) I don’t see any program like windows explorer or anything else to be
      open and normally users report that haven't used that share server in last few
      hours and sometimes even in day etc.

       

      I think something doesn’t close the session and b/w client and
      server properly in Microspft OS software or maybe 3rd party apps. etc. and that things don’t time out.

       

      From the network perspective this cause huge amount of fake
      traffic b/w both hosts. When I see issue like that and I look in Netfow the converstation automatically jump in the top
      5 conversations list.

      The only one solution that we found is to reboot the client PC to drop the connection. I’m not sure if this is going to do with that Zero packet mention on the training. We all know bandwidth cost money and I prefer WAN links to be
      used for real traffic, even we have good QoS implementation and that go in default, taht type of traffic is not the only one that go in default. 

       

      Is there any other way that we can solve or even prevent this waste of expensive resources?

      I appreciate any advice and help,

      Regards,

      Slavey

        • Re: Client-Server connection- generate rubbish traffic
          Leon Adato

          While a drive mapping ("net use") or other network connection will generate a little traffic between the client and the server from time, as either the client or server passes an authentication token or refresh, it shouldn't be a significant amount. Can you give me an idea of how much data is being transferred when you see these spikes?

           

          If you have SAM, you can also open the realtime process explorer and/or the realtime service explorer to see which programs are using a large amount of CPU and/or RAM - a large file transfer *should* also have a program associated with it.

           

          Even without SAM, you can do the same thing by opening Task Manager and seeing what's running at that time (make sure you check the "show processes from all users" option).

           

          My gut says to check clients for virus, malware, trojans, etc. If that much data is being transferred, SOMETHING is happening on the box.

            • Re: Client-Server connection- generate rubbish traffic
              slavey.dishkov@scansource.eu

              Amount of the traffic really depends on the time when issue is discovered, we don’t have anyone that constantly watching the monitoring system and we are involved when there is an issue or just noticed when we do/look for something else in Solarwinds.

               

              According to my memory traffic was less than 3G etc.

              I think a year ago when it happen it was 2,3G etc. and  in the last 6 months happens two times. It was something 1,2G or  1,7 G;  Something in this range.

              Next time when it happen, I’ll have a look in processes list . Before I didn’t think that can be an issue and I was concentrating all my effort on the network side and “netstat” for on the PC for something suspicious etc.