Q

How to address a spike in TCP and UDP flows

Have an unusual spike in TCP and UDP flows? Expert Peter Wood explains how to zero in on the problem.

I noticed an unusual spike in TCP and UDP flows from a single internal source to multiple destinations. What steps you would take to determine the type of traffic that this represents?
To address a spike in TCP and UDP flows, run a packet sniffer such as Wireshark or CommView on a hub connected to the target device. Both these programs give you the opportunity to filter traffic during capture and post-capture to determine what is going on. Filters can be set for individual ports or protocols, as well as source and destination IP addresses. You can also rebuild sessions using either of these tools. If the device is non-critical, you may wish to isolate it first, in case it has been infected with malware.

This was last published in October 2009

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Network security management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close