Dyop_Geop
New Contributor

unknown Source Consuming bandwidth

May I ask what this “viewpaulbusinezs.no-ip.org (0.0.0.0)” mentioned in the screenshot below could be? The screenshot also shows the configuration of the widget for your reference. How can I trace what this is or who this is?
Dyop_Geop
New Contributor

AFTER2 :
Dave_Hall
Honored Contributor

Hi Dyop. Your final screenshot of TOP users doesn't appear to be sorted by anything meaningful, but I assume it is sorted by session count, which doesn't appear to be added to the visible columns. If some device on your network is gobbing up bandwidth you will want to sort the list by Bytes Sent/Received. (Your first screenshot shows the device in question as using up one session anyway.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Dyop_Geop

ORIGINAL: Dave Hall
Hi Dyop. Your final screenshot of TOP users doesn't appear to be sorted by anything meaningful, but I assume it is sorted by session count, which doesn't appear to be added to the visible columns. If some device on your network is gobbing up bandwidth you will want to sort the list by Bytes Sent/Received. (Your first screenshot shows the device in question as using up one session anyway.)

Hi Sir Dave, thanks for the response. I've attached how this is sorted; this is sorted by Bytes. I also agree that the previous screenshots don't help at all. Hahaha. I dunno if this snip will also help. Anyway, I'm just showing you guys what I see. I can't seem to isolate the problem, or I can't find what causes this paulbussines blah blah to show in top sources.
Dave_Hall
Honored Contributor

I'm using firmware 5.0.9 but your Top Sessions (or Top users) list should look something similar to this...

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

netmin

After testing a bit further I can find ways to create/show 0.0.0.0->255.255.255.255 traffic. However, it won't disappear when changing filters or views. Also, without bending a DNS server it does not resolve by reverse lookup to an fqdn and not by DNS forward lookup caching to any name (and it should not). This does not happen regardless of secondary addresses, hostnames looking like ip addresses or vips listening on 0.0.0.0. I didn't try to duplicate MAC addresses on the network though. So maybe you are experiencing a bug (what FortiOS version are you using?). You should also do reverse DNS lookups from an internal PC (using the same DNS service as your FGT) to 0.0.0.0, to your VIP(s)/external IP address(es) to determine what your DNS service actually returns for each of them. Wireshark & Co might help to determine where this traffic originates on the port1 network.
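
The reverse-lookup comparison suggested in the reply above can be scripted from an internal PC. This is an added example, not part of any post in the thread: it does a PTR lookup for each address and forward-confirms the returned name. The function names, status labels and the sample tables (documentation addresses and `.test` names) are assumptions made for the illustration.

```python
import ipaddress
import socket
import sys

def system_ptr(ip):
    """Names the system resolver returns for a reverse (PTR) lookup of ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # herror/gaierror: no PTR record or the lookup failed
        return []
    return [name, *aliases]

def system_a(name):
    """IPv4 addresses the system resolver returns for a forward lookup."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_reverse(ip, ptr=system_ptr, fwd=system_a):
    """Return (status, names) describing what DNS says about one address."""
    addr = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no-ptr", []
    # 0.0.0.0 and 255.255.255.255 are not host addresses: any name returned
    # for them comes from an unusual DNS answer or a local hosts entry.
    if addr.is_unspecified or ip == "255.255.255.255":
        return "unexpected-ptr", names
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    confirmed = any(ip in fwd(n) for n in names)
    return ("confirmed" if confirmed else "unconfirmed"), names

# Constructed sample data, used by demo() so the logic can be tried offline.
SAMPLE_PTR = {"0.0.0.0": ["bent.example.test"],
              "203.0.113.10": ["vip.example.test"],
              "203.0.113.20": ["other.example.test"]}
SAMPLE_A = {"vip.example.test": ["203.0.113.10"],
            "other.example.test": ["198.51.100.7"]}

def demo():
    """Run the check against the constructed tables instead of live DNS."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, [])
    return {ip: check_reverse(ip, ptr, fwd) for ip in [*SAMPLE_PTR, "192.0.2.1"]}

if __name__ == "__main__":
    # Pass 0.0.0.0 plus your own VIP/external addresses on the command line.
    for ip in sys.argv[1:]:
        status, names = check_reverse(ip)
        print(f"{ip:<16}{status:<16}{', '.join(names) or '-'}")
```

Run it on a machine that uses the same DNS service as the FortiGate, so the answers match what the unit's own resolver would see.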