Re: NIC always stays on...how to track traffic in Windows 2003
- From: "Andrei Ungureanu" <contact me via www.itboard.ro>
- Date: Wed, 31 May 2006 22:39:00 +0300
yes.
--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au
"Thomas" <thomas.trinh@xxxxxxxxx> wrote in message
news:%2357BHeDhGHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
Hi Andrei
I used netstat -na and found out there are some connections to external
IPs that uses port 25. The state was ESTABLISHED. I'm running IIS SMTP
server (for sending out emails from our software) on the box, does that
mean my SMTP is making connections to remote email servers?
Tom
"Andrei Ungureanu" <contact me via www.itboard.ro> wrote in message
news:uOmP4YreGHA.3456@xxxxxxxxxxxxxxxxxxxxxxx
or you can use <netstat -na> to see the connections from your computer.
Based on the netstat output you can see who is the remote computer and
what port is used.
--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au
"ajpra" <ajpra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C31ED00-84E7-42DE-B9EB-82EF7973EFDF@xxxxxxxxxxxxxxxx
Hello Thomas,
I could certainly have a look at the netmon trace. Please mail the
capture
file to ajayprk@xxxxxxxxxx Also please mention the ip address of the
machine
on which this trace was taken, along with the roles of this machine i.e.
DC,
DNS, DHCP etc.
I will let you know if i come across anything unusual.
Regards,
Ajay Prakash
"Thomas" wrote:
Hi Ajay,
Thanks for the help. I captured the Monitor log and saved it. After
viewing the log, I still can't decipher if my server is sending
legitimate
traffic. If it's possible, you think I could email you the capture
file?
Please email me at sfaryu@xxxxxxxxxxx if you think you can help me out.
Thanks.
Tom
"ajpra" <ajpra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C48A2733-EB9D-4CDD-BB36-086BD9346E2E@xxxxxxxxxxxxxxxx
Hello,
You can install and run the network Monitor tool (included in 2003
setup
cd). This tool can be installed through Add remove programs -> add
remove
windows components. This tool will capture all the network traffic
leaving
and coming to your machine including ip addresses, ports and type of
data
that is flowing.
When you run network monitor tool for the first time, it will ask you
for
the interface on which it should be run. Choose your Local Area
Connection
on
which you are seeing the network activity. Also increase the buffer
size
from
the capture menu to at least 5 megs. Run the trace for about 5
minutes and
then stop and view the capture. It will list all network traffic
originiting
and coming to your machine.
If you need further help in reading the traces, please let me know.
Regards,
Ajay Prakash
"Thomas" wrote:
Hi,
I have a W2K3 server that has a NIC that is always on (meaning data
are
being transferred). Double clicking the NIC, I see the received and
sent
packet counter keeps increasing every second.
Is there anyway in Windows natively to track what program or
services are
sending those packets? I'm using the Performance counter right now,
but
it
doesn't tell me much.
TIA
Tom
.
- References:
- NIC always stays on...how to track traffic in Windows 2003
- From: Thomas
- Re: NIC always stays on...how to track traffic in Windows 2003
- From: Thomas
- Re: NIC always stays on...how to track traffic in Windows 2003
- From: ajpra
- Re: NIC always stays on...how to track traffic in Windows 2003
- From: Andrei Ungureanu
- Re: NIC always stays on...how to track traffic in Windows 2003
- From: Thomas
- NIC always stays on...how to track traffic in Windows 2003
- Prev by Date: Re: AD replication to win2k3
- Next by Date: Re: Running a DOS App from Win2000
- Previous by thread: Re: NIC always stays on...how to track traffic in Windows 2003
- Next by thread: Re: Image display problem
- Index(es):
Relevant Pages
|
