Gradual network crash

[wanzelbin]

Hi folks. Apologies for crashing straight in with a nasty problem, but I'm desperate. Will try and have a look through rest of forum afterwards and help others!

Working on a small Windows XP network. 4 PCs, 2 are wireless and 2 are wired. All connected to a Netgear wireless router/switch/adsl-modem, which also serves as DHCP server. No internal DNS or WINS - just plain old Netbios for naming.

It was noted that occaisionally the wireless connections on this network were going down, shortly followed by general network connectivity from and between all machines and to the Internet.

We quickly discovered that restarting the netgear wireless router/modem/switch resolved everything.

This gradual network failure has become more and more of a problem - we swapped out the router about a month ago (for an identical model), and though initially better, things appear to be deteriorating again. Apparently the users are resetting the router as many as 8 or 9 times a day!

Using Ethereal, I noticed that one of the wired machines on the network was communicating with the router for no obvious reason. It would steadily work through a consecutive run of local port numbers, connecting to port 49152 on the netgear router and simply sending a SYN, RST, PSH or ACK - no actual content though. Ethereal noted a checksum error on these connections (though it does tend to do that a lot of the time anyway I've noticed), but I'm wondering if this may have anything to do with the router / network failure. I didn't find anything else out of the ordinary. I've tried resetting the TCP and Winsock stuff on this particular PC, but it's made no difference.

I used SysInternal's TCPView to determine that svchost (-k netsvcs) is responsible for the particular connection, but having looked through the various related service processes (isn't svchost lovely ), there's nothing obviously dodgy.

Has anyone ever seen anything like this, or knows of a particular legitimate or nasty process that has this kind of behaviour? Any ideas would be great - I've tried everything and my customer is getting pretty annoyed about things. I'm mostly a programmer and getting rapidly out of my depth. It may be this strange connection from the PC, or it may be something else entirely!!

The PC in question has McAfee AV and firewall, and I've arranged with the customer to have it turned off for all of tomorrow morning to see if that resolves things.

Thanks in advance for any help you might be able to offer.

David