10s_received_packets_storm.md 1.5 KB
Understand the alert
This alert is triggered when there is a significant increase in the number of received packets within a 10-second interval. It indicates a potential packet storm, which may cause network congestion, dropped packets, and reduced performance.
Troubleshoot the alert
Check network utilization: Monitor network utilization on the affected interface to identify potential bottlenecks, high bandwidth usage, or network saturation.
Identify the source: Determine the source of the increased packet rate. This may be caused by a misconfigured application, a faulty network device, or a Denial of Service (DoS) attack.
Inspect network devices: Check network devices such as routers, switches, and firewalls for potential issues, misconfigurations, or firmware updates that may resolve the problem.
Verify application behavior: Ensure that the applications running on your network are behaving as expected and not generating excessive traffic.
Implement rate limiting: If the packet storm is caused by a specific application or service, consider implementing rate limiting to control the number of packets being sent.
Monitor network security: Check for signs of a DoS attack or other security threats, and take appropriate action to mitigate the risk.