littlehogarth

Program for Macintosh to analyse what applications are accessing the web, download amounts and sites accessed

We have just attached a new user to our network who uses a Mac Powerbook running Tiger. The only apps he knows of that access the web are AIM and Firefox. AIM 30 - 40 IMs a day, Firefox just general site browsing, no large downloads.
ISA 2000 web usage report logs an UNKNOWN site with 194274 requests and 857.9MB of bytes in. The Mac user's IP actually logs 411265 requests with same bytes in. The only connection type request amount large enough to correspond to this is an SSL-tunnel and all other details that might correspond to the large number of requests are listed as UNKNOWN. The user uses the same applications when connecting via his cell phone and has not experienced high usage charges.
I suspect it's something to do with AIM, which uses a secure connection, and thought maybe the ticker news and stocks that are default, but 857MB is a lot even for that. Also thought it may be an ISA error.
Is there an app (similar to ISA) we can run on the Mac to see whether data is actually being downloaded and if so by which application? Any other thoughts?
ASKER CERTIFIED SOLUTION
Wod
This solution is only available to members.
Eoin OSullivan
Little Snitch will show you ALL applications on the Mac which are requesting Internet access .. you can allow/deny the access and see does it make a difference to your network traffic.  The one limitation is that it doesn't record the volume of network traffic.

There are a load of small processes on the Mac that do connect to the Internet such as Apple Time Server, Software Update etc but these would not be responsible USUALLY for such a large amount of data download.

You can also use the Activity Monitor application located in Application: Utilities on the Mac to see what processes are running and their memory usage and level of network activity.


littlehogarth

ASKER

Hi team,

Thanks for all the suggestions. I went with WOD's suggestion to use Wireshark because of the large amount of information provided and that it also has Windows and Linux variants. Wireshark helped rule out AIM as the problem, and the logs, although needing some deciphering, highlighted Google Calendar as the problem. The user had only just accepted to use online sync and so if I'd known of this prior it would have been the obvious culprit. We shut down Google Calendar and Wireshark showed the large volume of requests disappeared. Now just waiting for the ISA Server report to update and confirm the news, but should be all happy now.
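
An added example, not part of the original thread: one way to answer the question "which application, and how much data" is to join a socket listing from the Mac with per-packet lengths exported from the capture. The process names, PIDs, addresses and the `CalSync` client name are constructed sample data; the `lsof` and `tshark` invocations in the comments are assumptions about how the inputs were collected.

```python
import re
from collections import defaultdict

# Constructed sample of `lsof -i -n -P` output taken on the Mac during the capture.
# Process names, PIDs and addresses are made up for illustration.
LSOF_SAMPLE = """\
COMMAND     PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox-bin 312 mac   45u IPv4 0x3a1f      0t0  TCP 192.168.1.50:49210->203.0.113.10:443 (ESTABLISHED)
AIM         401 mac   12u IPv4 0x3b20      0t0  TCP 192.168.1.50:49250->203.0.113.80:443 (ESTABLISHED)
CalSync     877 mac   9u  IPv4 0x3c44      0t0  TCP 192.168.1.50:49300->198.51.100.7:443 (ESTABLISHED)
"""

# Constructed packet list: src, sport, dst, dport, frame length (tab separated), e.g. from
# tshark -r capture.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e frame.len
PACKETS_SAMPLE = "\n".join([
    "192.168.1.50\t49210\t203.0.113.10\t443\t120",
    "203.0.113.10\t443\t192.168.1.50\t49210\t600",
    "192.168.1.50\t49250\t203.0.113.80\t443\t80",
    "192.168.1.50\t49300\t198.51.100.7\t443\t200",
    "198.51.100.7\t443\t192.168.1.50\t49300\t1500",
    "192.168.1.50\t49400\t198.51.100.99\t80\t90",  # no socket in the lsof snapshot
])

CONN_RE = re.compile(r"(\S+):(\d+)->(\S+):(\d+)")

def socket_owners(lsof_text):
    """Map (local, remote) endpoint pairs to 'command (pid N)'."""
    owners = {}
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        m = CONN_RE.search(line)
        if m:
            cmd, pid = line.split()[:2]
            owners[(m.group(1, 2), m.group(3, 4))] = f"{cmd} (pid {pid})"
    return owners

def usage_by_process(lsof_text, packet_text):
    """Sum packets and bytes per owning process, matching either direction."""
    owners = socket_owners(lsof_text)
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in packet_text.splitlines():
        src, sport, dst, dport, length = line.split("\t")
        a, b = (src, sport), (dst, dport)
        name = owners.get((a, b)) or owners.get((b, a)) or "UNKNOWN"
        totals[name]["packets"] += 1
        totals[name]["bytes"] += int(length)
    return dict(totals)

def top_talker(totals):
    return max(totals, key=lambda name: totals[name]["bytes"])
```

`lsof` only sees sockets open at the moment it runs, so short-lived connections land in `UNKNOWN`; taking the listing repeatedly during the capture and merging the results narrows that bucket.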