RE: Huge increase in outgoing traffic - how to figure out why?



Hello Mike,

Thank you for posting here.

According to your description, I understand that you want to analyze the
specific traffic from one of your internal computers via ISA server. If I
have misunderstood the problem, please don't hesitate to let me know.

ISA 2004 can give out Top Users by total traffic load, but the ISA 2004
reporting function can't analyze the traffic coming from an individual user.

As far as I know, the ISA Server 2004 log query can give you some help. It
gathers real-time traffic via ISA and logs it. You may get the info you want
in the query.

To edit and run ISA Server 2004 log queries, follow these steps:
1. Click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management.
2. In the Microsoft Internet Security and Acceleration Server 2004 console,
expand YourServerName, and then click Monitoring.
3. In the center pane, click the Logging tab, right-click Log Record Type,
and then click Edit Filter.
Note: By default, ISA Server 2004 includes the following two filter queries.
However, you can customize the criteria of both queries to create
additional filter queries.
   - Log Record Type
   - Log Time
4. In the Edit Filter dialog box, click the Log Record Type entry, and then
click the criteria that you want to filter by in each drop-down list.
5. Click the Log Time entry, and then click the criteria that you want to
filter by in each drop-down list.
6. Click Update, and then click Start Query.

In the center pane you will see Fetching Results appear while the query
runs. After the query has started, results are displayed in the center
pane. The results contain information about the most common network
features and about the results from the filter criteria that you have set.
You can use this information to analyze the traffic from your computer via
ISA server.

In addition, some third-party applications can analyze traffic on a
per-user basis. For example, you can find the application GFI WebMonitor
for ISA Server on the following web page:
http://www.isaserver.org/software/ISA/Monitoring-&-Admin/
==========================
This response contains a reference to a third party World Wide Web site.
Microsoft can make no representation concerning the content of these
sites. Microsoft is providing this information only as a convenience to
you: this is to inform you that Microsoft has not tested any software or
information found on these sites and therefore cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
on the Internet.
==========================

Meanwhile, you mentioned that one particular workstation sends out a
large amount of traffic through the ISA Server. I suspect this particular
workstation may be infected by a virus, which leads to huge packets being
sent out. Do you have anti-virus software installed on the
workstations? Please perform a full virus scan on the internal computers. If
you do not have an anti-virus application installed, you may try:
http://housecall.trendmicro.com/

Hope this helps. Please let me know the results so that I can provide
further assistance on this problem. I am looking forward to your reply.
Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx>
| Subject: Huge increase in outgoing traffic - how to figure out why?
| Date: Tue, 31 Oct 2006 09:57:55 -0600
| Newsgroups: microsoft.public.windows.server.sbs
|
| Running SBS 2003 Premium, Exchange, ISA 2004, WSUS, 2 NIC's and a router,
| dynamic IP, DDNS service from dyndns.org. I also run Symantec Corporate
| Antivirus ver 9, and Windows Defender on the server and workstations.
| ==============================
| Ran a check of our in/outbound traffic using a web app from the ISP and
| saw a big spike in our outbound traffic a week ago. Big enough where we are
| very close to the ISP's threshold for "Fair Access". (3 GB per rolling 30
| day period). Tracked it down using ISA's reporting feature, to our
| Executive Director. He's been uploading large files to associates. OK.
|
| Ran another check this morning and saw we are still spiked, should have
| seen a downward trend yesterday. Ran a report in ISA and saw that MY
| computer had the highest outbound traffic in the last 2 days - 185 MB
| outbound.
|
| I'm flabbergasted (but then I am still inexperienced in this arena.) I
| could swear I uploaded no more than 10 MB or so yesterday (via Outlook).
| Is there a way to use ISA's reporting features to find out some specifics
| on WHAT was uploaded and WHEN? I have a hunch now that we may have been
| hijacked, but need to start at the beginning so I know how to proceed.
|
| Many thanks in advance!!
| --
| Mike Webb
| Platte River Whooping Crane Maintenance Trust, Inc.
| a 501 (c)(3) conservation non-profit organization
|
|
|
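
An added example, not part of either post above: once log records for the period are available as text, a short script can break one workstation's uploads down by destination and by hour, which is the "what and when" the question asks for. It assumes the records were exported as tab-separated text with a W3C extended-format "#Fields:" header; the column names (c-ip, r-host, cs-bytes, date, time) and all sample rows are constructed and must be checked against the header of the real export.

```python
from collections import defaultdict

# Constructed sample in W3C extended log layout (tab-separated, "#Fields:" header).
# Addresses, hosts and byte counts are invented for illustration.
SAMPLE_LOG = """#Software: constructed sample
#Fields: c-ip\tdate\ttime\tr-host\tcs-bytes\tsc-bytes
192.168.16.20\t2006-10-30\t09:12:44\tmail.example.org\t5242880\t1200
192.168.16.20\t2006-10-30\t23:05:10\tfiles.example.net\t94371840\t800
192.168.16.20\t2006-10-30\t23:40:02\tfiles.example.net\t62914560\t800
192.168.16.20\t2006-10-31\t08:01:00\twww.example.com\t2048\t51200
192.168.16.20\t2006-10-31\t08:02:00\tupdate.example.com\t-\t-
192.168.16.31\t2006-10-30\t10:00:00\twww.example.com\t1024\t40960
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line.startswith("#") or not line.strip():
            continue                      # other directives and blank lines
        elif fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def upload_breakdown(text, client_ip, ip_col="c-ip", host_col="r-host",
                     bytes_col="cs-bytes"):
    """Return (per-destination, per-hour) client-to-server byte totals,
    largest first, for one internal client. Column names are assumptions."""
    by_dest, by_hour = defaultdict(int), defaultdict(int)
    for rec in parse_w3c(text):
        if rec.get(ip_col) != client_ip:
            continue
        try:
            sent = int(rec[bytes_col])
        except (KeyError, ValueError):
            continue                      # "-" marks an empty field
        by_dest[rec.get(host_col, "-")] += sent
        hour = f"{rec.get('date', '?')} {rec.get('time', '??')[:2]}:00"
        by_hour[hour] += sent
    rank = lambda d: sorted(d.items(), key=lambda kv: kv[1], reverse=True)
    return rank(by_dest), rank(by_hour)

if __name__ == "__main__":
    dests, hours = upload_breakdown(SAMPLE_LOG, "192.168.16.20")
    for name, total in dests + hours:
        print(f"{total / 2**20:8.1f} MB  {name}")
```

A large total to a single destination at hours when nobody is at the workstation is the pattern to investigate first.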
