This is coming late, because the weekend was very tough in the office.
I came into the office early on Friday, everything was going on fine until around 9:30 am when the link just became suddenly slow. I noticed this because all of a sudden I was not able to open web pages. The first thing I did was to ping the IP address of my ISP, to make sure that the link from there side was OK. I found out that I was loosing a lot of packets from there end. The next thing I did was ping my default gateway from inside the LAN and I still got the same loss of packets. I guessed a computer on the LAN must have been sending out a lot of broadcast, that would cause congestion on the LAN. On the other hand this could be a Virus, Spyware or Malware problem too. Just to make sure everything on the LAN was OK, I switched off all the Switches on the LAN to disconnect all the systems on the Network, then I pinged my default gateway of my LAN to see the response and I still got the same loss of packets.
When pinging your LAN's default gateway, you should get nothing higher than a 2ms response time. I was getting up to 4000ms. You could see how serious this situation was. I concluded that since the LAN was shut down and I was still getting this high response time, then the problem must be on the Server. I ran a Spyware scan on the Server, and it found two potentially dangerous threats. I tried removing them, but every time I removed them, they reinstalled themselves. This was serious. I could not even run Task Manager. The other option I had was to edit the registry and try and locate the registry key of the Spyware. I found the keys and then removed them. I also ran a boot time scan with Avast Antivirus on the system. A boot time scan is always good because the Antivirus software can scan all files and folders before the system starts up any processes. This is better because nothing would have been loaded so not even viruses or Spywares would have started before the scan. The Antivirus scan found two infections and removed them. The Server booted and I logged back in.
I scanned the system again for spywares and malware and nothing was found. That had been taken care of. I pinged the default gateway of the LAN and I was still getting high response time and loss of packets. I checked our firewall and everything seemed OK. I decided it was a physical layer problem. I pinged the loopback (127.0.0.1) address of the NIC (Network Interface Card) connected to the LAN, it responded. I also pinged the NIC's IP address which is the default gateway of the LAN and it also responded. So this meant the TCIP stack on the card was OK. I still decided to change the NIC card and see what another card does. So I had to look for a system that had an extra NIC card that was compatible with the HP Proliant Server. I was able to get one and I swapped it. I pinged again and things seemed better.
No comments:
Post a Comment