How to address a spike in TCP and UDP flows

Ask the Expert

How to address a spike in TCP and UDP flows

I noticed an unusual spike in TCP and UDP flows from a single internal source to multiple destinations. What steps you would take to determine the type of traffic that this represents?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
  • By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

  • Safe Harbor

To address a spike in TCP and UDP flows, run a packet sniffer such as Wireshark or CommView on a hub connected to the target device. Both these programs give you the opportunity to filter traffic during capture and post-capture to determine what is going on. Filters can be set for individual ports or protocols, as well as source and destination IP addresses. You can also rebuild sessions using either of these tools. If the device is non-critical, you may wish to isolate it first, in case it has been infected with malware.

This was first published in October 2009


COMMENTS powered by Disqus  //  Commenting policy