Hello friends,

I am system admin in small company with 7 desktops and 4 laptops. All systems are working perfect.

Sometime i can ping our ISP dns but cannot connect internet at same time other systems are using internet, than I have to restart PIX firewall and than works perfect. After 2nd day another system has same problem.

Now I removed PIX, but I want to know what is this problem? Is it Network Flooding? IF yes, how can i idenitify and prevent it?

Please help me,

Help would be really appreciated.

Thanks a lot..

7 Years
Discussion Span
Last Post by Hilary H

Install Wireshark on one of the machines behind your PIX. During a period of network outage fire up Wireshark and monitor your traffic for about 3 minutes. While you're capturing the data with wireshark open 2 browser windows and try to hit 2 different websites. Don't go crazy and try to connect everywhere because it makes reading the log files a mess.

After you have logged a few minutes of traffic then upload the PCAP files here.
WARNING: You could accidently pick up passwords being broadcast over the network. DO NOT login to any system during the period where you are capturing traffic. Also double check the captured packets to ensure you're not about to upload any sensitive information.


Lets start with some questions;

Did removing the PIX solve the connectivity problem?
If so the problem is likely associated with the PIX configuration in some way

If not did the nature of the problem change?

You can take a trace as suggested, but if done as requested you will provide data on the system running wireshark, and not necessarily any of the other systems.

It may however confirm that you are experiencing a problem, but may not provide the data necessary to say why...

Some architectural questions;

Can you describe your network in detail?


How are the stations connected to one another?
What are the device make models and versions if you know them?

How big is your internet pipe?

What kind of internet access do you have?

Who is the provider?

Some questions surrounding the problem;

Is there consistency in the time of day the problem occurs?

Is there any consistency with which stations are effected?

Are there any stations that seem to never present the problem?

Are local resources accessible during these events?

Network Flooding could mean a couple of things;

The local network is experiencing a broadcast storm of some sort and this is causing issues with all access to all resources

The internet link is "flooded" and as such is not allowing access due to line saturation but local resources seem to be working.

Some other event (worm virus) is generating significant traffic and creating resource issues on various parts of the network...

With what you have provided so far it is difficult to determine whether this is an issue of flooding or not...

Answer the above questions and we'll see if we can't help you ID the problem.

Good luck in any case :)


The obvious thing that occurs to me is that maybe the PIX is limited to a 10 Client license for accessing the internet.

But if removing the PIX removes the issue, it suggests that the Pix is the Cause and you should start by looking through its logs.


You can use the traffic monitoring software (example: active wall) to identify the computer which in trouble.


When there is network flooding in your network, all the computers should receive those packets which are not destined to them.You can install a packet sniffing tools on any computer of your network and check it.


There are many kinds of flooding in network, each has its different features. As a network admin, I think you'd better search some good tools to help you manage the network. Here is a list:
1. Network sniffer: wireshark, Capsa, Comview.
2. Colasoft Mac Scanner, List MAC addresses and IP addresses in your local subnet in seconds.
3, Ping tool, to ping multiple IP addresses simultaneously and comparing response time in a graphic chart.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.