We have just attached a new user to our network who uses a Mac Powerbook running Tiger. The only apps he knows of that access the web are AIM and Firefox. AIM 30 - 40 IMs a day, firefox just general site browsing no large downloads.
ISA 2000 web usage report logs an UNKNOWN site with 194274 requests and 857.9MB of bytes in. The Mac users IP actually logs 411265 requests with same bytes in. The only connection type request amount large enough to correspond to this is an SSL-tunnel and all other details that might correspond to the large number of requests are listed as UNKNOWN. The user uses the same applications when connecting via his cell phone and has not experienced high usage charges.
I suspect its something to do with AIM, which uses a secure connection, and thought maybe the ticker news and stocks that are default, but 857MB is a lot even for that. Also thought it may be an ISA error.
Is there an app (similar to ISA) we can run on the Mac to see whether data is actually being downloaded and if so by which application? Any other thought?