blob: 29e1f5346af1ba58a26c1a8d8a100403b216e779 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
### Understand the alert
This alert is triggered when there is a significant increase in the number of received packets within a 10-second interval. It indicates a potential packet storm, which may cause network congestion, dropped packets, and reduced performance.
### Troubleshoot the alert
1. **Check network utilization**: Monitor network utilization on the affected interface to identify potential bottlenecks, high bandwidth usage, or network saturation.
2. **Identify the source**: Determine the source of the increased packet rate. This may be caused by a misconfigured application, a faulty network device, or a Denial of Service (DoS) attack.
3. **Inspect network devices**: Check network devices such as routers, switches, and firewalls for potential issues, misconfigurations, or firmware updates that may resolve the problem.
4. **Verify application behavior**: Ensure that the applications running on your network are behaving as expected and not generating excessive traffic.
5. **Implement rate limiting**: If the packet storm is caused by a specific application or service, consider implementing rate limiting to control the number of packets being sent.
6. **Monitor network security**: Check for signs of a DoS attack or other security threats, and take appropriate action to mitigate the risk.
### Useful resources
1. [Wireshark User's Guide](https://www.wireshark.org/docs/wsug_html_chunked/)
2. [Tcpdump Manual Page](https://www.tcpdump.org/manpages/tcpdump.1.html)
3. [Iperf - Network Bandwidth Measurement Tool](https://iperf.fr/)
|
