What is network congestion?
In data networking and queuing theory, network congestion occurs when a link or node is carrying so much data that its quality of service deteriorates. Typical effects include queuing delay, packet loss or the blocking of new connections. A consequence of these latter two is that an incremental increase in offered load leads either only to a small increase in network throughput, or to an actual reduction in network throughput.
Fault description
Network activity of the host (MAC: 00:0D:61:E2:76:02) is abnormal: it sends a large number of broadcast packets. Please see the figure below:
Figure 1: Diagnose network congestion in the Nodes tab
Switching to the Summary tab, we found that packets with a size between 66 and 127 bytes account for a large proportion of the total traffic. Please see the figure below:
Diagnose Network Congestion
Analyzing the packets sent by the host (MAC: 00:0D:61:E2:76:02), we found that the host constantly queries the reg.chaxun.com domain and the DNS server returns a name error (NXDOMAIN) response. Next, the host falls back to broadcasting WINS (NetBIOS name service) packets to query reg.chaxun.com. Please see the figure below:
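The pattern described above (DNS NXDOMAIN for a name, followed by repeated broadcast WINS/NetBIOS name queries for the same name from the same host) can be detected automatically in packet summaries. The following Python script is an added example, not code from the original page or from any capture tool; the key=value summary lines, the second host and the MAC of the DNS server are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed packet summaries in a key=value format (not from the original capture).
SAMPLE_LINES = """\
t=0.000 src=00:0d:61:e2:76:02 dst=00:11:22:aa:bb:cc proto=DNS type=query qname=reg.chaxun.com
t=0.001 src=00:11:22:aa:bb:cc dst=00:0d:61:e2:76:02 proto=DNS type=response qname=reg.chaxun.com rcode=NXDOMAIN
t=0.002 src=00:0d:61:e2:76:02 dst=ff:ff:ff:ff:ff:ff proto=NBNS type=query qname=REG.CHAXUN.COM
t=0.003 src=00:0d:61:e2:76:02 dst=ff:ff:ff:ff:ff:ff proto=NBNS type=query qname=REG.CHAXUN.COM
t=0.004 src=00:0d:61:e2:76:02 dst=ff:ff:ff:ff:ff:ff proto=NBNS type=query qname=REG.CHAXUN.COM
t=0.500 src=00:0d:61:e2:76:02 dst=00:11:22:aa:bb:cc proto=DNS type=query qname=reg.chaxun.com
t=0.501 src=00:11:22:aa:bb:cc dst=00:0d:61:e2:76:02 proto=DNS type=response qname=reg.chaxun.com rcode=NXDOMAIN
t=0.502 src=00:0d:61:e2:76:02 dst=ff:ff:ff:ff:ff:ff proto=NBNS type=query qname=REG.CHAXUN.COM
t=1.000 src=00:0d:61:e2:76:03 dst=00:11:22:aa:bb:cc proto=DNS type=query qname=fileserver.example.test
t=1.001 src=00:11:22:aa:bb:cc dst=00:0d:61:e2:76:03 proto=DNS type=response qname=fileserver.example.test rcode=NOERROR
t=1.002 src=00:0d:61:e2:76:03 dst=ff:ff:ff:ff:ff:ff proto=NBNS type=query qname=PRINTER01
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Turn one 'key=value ...' summary line into a dict (values stay strings)."""
    return dict(FIELD_RE.findall(line))

def find_nxdomain_broadcasters(lines, threshold=3):
    """Return {client_mac: {name: broadcast_count}} for hosts that got NXDOMAIN for
    a name and then broadcast NBNS/WINS queries for that same name at least
    `threshold` times. Names compare case-insensitively (NetBIOS upper-cases them)."""
    nx_names = defaultdict(set)                     # client MAC -> names answered NXDOMAIN
    counts = defaultdict(lambda: defaultdict(int))  # client MAC -> name -> broadcast count
    for line in lines.splitlines():
        pkt = parse_line(line)
        if "proto" not in pkt:
            continue
        name = pkt.get("qname", "").lower()
        if pkt["proto"] == "DNS" and pkt.get("rcode") == "NXDOMAIN":
            nx_names[pkt["dst"]].add(name)          # dst of the response is the client that asked
        elif pkt["proto"] == "NBNS" and pkt["dst"] == BROADCAST and name in nx_names[pkt["src"]]:
            counts[pkt["src"]][name] += 1
    return {mac: {n: c for n, c in names.items() if c >= threshold}
            for mac, names in counts.items()
            if any(c >= threshold for c in names.values())}

if __name__ == "__main__":
    for mac, names in find_nxdomain_broadcasters(SAMPLE_LINES).items():
        for name, count in names.items():
            print(f"{mac} broadcast {count} NBNS queries for '{name}' after NXDOMAIN")
```

The second host's single broadcast for PRINTER01 is not reported, because the name it broadcast was never answered NXDOMAIN; only the DNS-failure-then-broadcast chain on one host crosses the threshold.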
Conclusion
The host queries a domain that does not exist and sends a large number of packets, wasting network resources. We located the host and removed the malware. The fault was resolved and the network returned to normal.