Hi guys,
I am new to administering middle-sized networks and I am currently facing the following problem: the network runs very slowly. I did some research and found (via tcpdump -n > packets) that way too many packets arrive on the interface of my personal PC in the same network. Only switches are used here (some passive and some configurable). As far as I know I shouldn't receive normal TCP packets that are not destined for me (the switches must take care of this). Anyway, I receive a lot of them (in 5 minutes I receive about 5000 packets). Among these, about 2/3 are calling ports 137, 138, 139 or 445, or are replies to these ports. I did some research on these ports and know what they are and how vulnerable these services are.
Questions:
1. Can it be that this medium-sized network (about 280-300 Windows PCs) is stiffed up with viruses? If yes, any ideas what viruses? Hints? Anything?
2. Why are packets arriving on my interface that are not destined for me? Isn't this a sign of a virus?
3. If my assumptions are correct, what measures should I take? Ask everyone to disable these services?
And the last one:
4. Please give me a hint on good documentation on how to track down infected hosts on my network.
Any help is appreciated. Thanks.
Alex.

Alex,
First question: have you scanned for malware? Half the battle is knowing your enemy.
Have you heard of Snort? Use it, it's one excellent tool. Here are a few tools with Snort:
- Snort as a straight packet sniffer like tcpdump.
- Snort as a packet logger. Useful for network traffic debugging etc.
- Snort as a full-blown network intrusion detection system. Here is the link: SNORT
The ports that you listed are:
port 137 - Chode, Nimda
port 137 (UDP) - Bugbear, Msinit, Opaserv, Qaz
port 138 - Chode, Nimda
port 139 - Chode, Fire HacKer, Msinit, Nimda, Opaserv, Qaz
port 445 - Nimda
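
An added example, not part of either post above: one way to triage the tcpdump -n > packets capture from the question by source host, separating NetBIOS/SMB broadcasts (which every switch port receives) from unicast addressed to other machines, and listing sources that contact many distinct hosts on 139/445. The sample lines, addresses and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

SMB_PORTS = {137, 138, 139, 445}
# IPv4 lines from `tcpdump -n`: "<time> IP src.sport > dst.dport: ..."
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# Constructed sample capture (not real traffic); addresses are placeholders.
MY_IP, BROADCAST = "192.168.1.10", "192.168.1.255"
SAMPLE = """\
10:00:00.000001 IP 192.168.1.23.137 > 192.168.1.255.137: UDP, length 50
10:00:00.000002 IP 192.168.1.23.138 > 192.168.1.255.138: UDP, length 201
10:00:00.100000 IP 192.168.1.40.1045 > 192.168.1.77.445: Flags [S], seq 1, win 65535, length 0
10:00:00.100100 IP 192.168.1.40.1046 > 192.168.1.78.445: Flags [S], seq 1, win 65535, length 0
10:00:00.100200 IP 192.168.1.40.1047 > 192.168.1.79.139: Flags [S], seq 1, win 65535, length 0
10:00:00.200000 IP 192.168.1.40.1048 > 192.168.1.10.445: Flags [S], seq 1, win 65535, length 0
10:00:00.300000 IP 192.168.1.10.50000 > 192.168.1.5.80: Flags [S], seq 1, win 65535, length 0
10:00:00.400000 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 46
""".splitlines()

def summarize(lines, my_ip, broadcast_ip):
    """Per-source counts of packets that touch ports 137/138/139/445."""
    stats = defaultdict(lambda: {"broadcast": 0, "to_me": 0, "foreign": 0, "peers": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if src == my_ip or not ({sport, dport} & SMB_PORTS):
            continue  # our own traffic, or unrelated ports
        entry = stats[src]
        if dst in (broadcast_ip, "255.255.255.255"):
            entry["broadcast"] += 1  # expected: broadcasts reach every switch port
        elif dst == my_ip:
            entry["to_me"] += 1
        else:
            entry["foreign"] += 1    # unicast for another host: should not reach us on a switch
        if dport in (139, 445):
            entry["peers"].add(dst)  # distinct hosts this source tried to reach
    return stats

def fanout_suspects(stats, min_peers):
    """Sources that contacted at least min_peers distinct hosts on 139/445."""
    return sorted(s for s, e in stats.items() if len(e["peers"]) >= min_peers)

if __name__ == "__main__":
    result = summarize(SAMPLE, MY_IP, BROADCAST)
    for src, e in sorted(result.items()):
        print(src, e["broadcast"], e["to_me"], e["foreign"], len(e["peers"]))
    print("fan-out suspects:", fanout_suspects(result, 3))
```

A capture taken on one workstation only shows the traffic that reaches that port, so the fan-out count is a lower bound; a capture from a mirror port on a configurable switch gives the fuller picture.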
