I just started using Wireshark because of a network problem I have been having trouble tracking down. Several times during the day, our switches became "pegged" and no computer was able to access network resources or get online.

I installed Wireshark on our domain controller and noticed there was one computer that had thousands of "DCERPC [TCP Retransmission] Request: call_id 442527 opnum: 69 ctx_idx:" packets in a short amount of time, and little more than DNS/ARP/BROWSER transmissions from any other computer on the network.

I picked up this laptop and found nothing out of the ordinary, hardware- or software-wise. We are running network-based antivirus, and that found nothing as well.

Being new to Wireshark, and to analyzing packets in general, I was hoping someone could give me a basis on where to start with this. Are these DCERPC transmissions causing my network outage, or do I need to start looking elsewhere?

A little background on the network: we are a small Catholic school of fewer than 400 students, all with mobile laptops. Fiber runs through the backbone, there are wireless access points throughout the school, and several servers all run some version of Windows.

Thanks for the help.

Tony.
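A first triage step for a question like this is to quantify what the capture shows rather than eyeball it: count DCERPC retransmissions per source host, see whether one host dominates, and check whether that host is retrying the same call_id over and over (one stuck request) or sending many different ones. The script below is an added example and is not the poster's own code; it assumes the capture was exported with tshark's field output (`tshark -r capture.pcapng -T fields -E header=y -E separator=, -E quote=d -e frame.number -e ip.src -e _ws.col.Protocol -e _ws.col.Info`), and the sample lines embedded in it are constructed to mirror the symptom described above, with made-up addresses.

```python
"""Rank hosts by DCERPC retransmissions in a tshark field export.

Added example, not part of the original post. The input format is assumed
to come from:
  tshark -r capture.pcapng -T fields -E header=y -E separator=, -E quote=d \
         -e frame.number -e ip.src -e _ws.col.Protocol -e _ws.col.Info
"""
import csv
import io
import re
from collections import Counter

# Constructed sample export: one host (192.168.10.57) retransmitting the same
# DCERPC request repeatedly, the rest of the LAN doing ordinary DNS/ARP/Browser
# traffic. Addresses and hostnames are made up.
SAMPLE_EXPORT = """\
frame.number,ip.src,_ws.col.Protocol,_ws.col.Info
1,192.168.10.57,DCERPC,"[TCP Retransmission] Request: call_id 442527 opnum: 69 ctx_idx: 0"
2,192.168.10.57,DCERPC,"[TCP Retransmission] Request: call_id 442527 opnum: 69 ctx_idx: 0"
3,192.168.10.12,DNS,"Standard query 0x1a2b A school.example"
4,,ARP,"Who has 192.168.10.1? Tell 192.168.10.12"
5,192.168.10.57,DCERPC,"[TCP Retransmission] Request: call_id 442527 opnum: 69 ctx_idx: 0"
6,192.168.10.33,BROWSER,"Host Announcement LAPTOP-33, Workstation"
7,192.168.10.57,DCERPC,"Request: call_id 442528 opnum: 69 ctx_idx: 0"
8,192.168.10.12,DCERPC,"[TCP Retransmission] Request: call_id 17 opnum: 3 ctx_idx: 0"
9,192.168.10.57,DCERPC,"[TCP Retransmission] Request: call_id 442527 opnum: 69 ctx_idx: 0"
10,192.168.10.33,DNS,"Standard query 0x2c3d A dc01.school.example"
"""

RETRANS_MARK = "[TCP Retransmission]"
CALL_ID_RE = re.compile(r"call_id (\d+)")


def _retransmitted_dcerpc_rows(export_text):
    """Yield only the rows that are DCERPC frames flagged as retransmissions."""
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["_ws.col.Protocol"] != "DCERPC":
            continue
        if RETRANS_MARK not in row["_ws.col.Info"]:
            continue
        yield row


def count_dcerpc_retransmissions(export_text):
    """Return a Counter of retransmitted DCERPC frames keyed by source IP."""
    counts = Counter()
    for row in _retransmitted_dcerpc_rows(export_text):
        counts[row["ip.src"]] += 1
    return counts


def outliers(counts, min_count=2):
    """Hosts that retransmit more than every other host combined.

    A host needs at least `min_count` frames so that a single stray
    retransmission on a quiet network is not reported as an outlier.
    """
    total = sum(counts.values())
    return [host for host, n in counts.items()
            if n >= min_count and n > total - n]


def dominant_call_id(export_text, host):
    """Most-repeated call_id among a host's retransmissions, with its count.

    Returns (call_id, count), or (None, 0) if the host has none. Many
    retransmissions of one call_id point at a single stalled request/
    connection rather than a flood of distinct requests.
    """
    per_call = Counter()
    for row in _retransmitted_dcerpc_rows(export_text):
        if row["ip.src"] != host:
            continue
        m = CALL_ID_RE.search(row["_ws.col.Info"])
        if m:
            per_call[m.group(1)] += 1
    if not per_call:
        return (None, 0)
    return per_call.most_common(1)[0]


if __name__ == "__main__":
    counts = count_dcerpc_retransmissions(SAMPLE_EXPORT)
    for host, n in counts.most_common():
        call_id, reps = dominant_call_id(SAMPLE_EXPORT, host)
        print(f"{host:16} retransmissions={n:<4} top call_id={call_id} x{reps}")
    print("outliers:", outliers(counts))
```

On the constructed sample this ranks 192.168.10.57 first with four retransmissions, all of call_id 442527, and reports it as the only outlier. On a real export, a result like that says the host is stuck retrying one RPC call to a server that is not answering; the next thing to look at is that host's conversation with its destination (which server, and whether the server replies at all), because a single laptop retransmitting one request is a symptom of a dropped path or an unresponsive service rather than, by itself, enough traffic to saturate a switch.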