Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Program for Macintosh to analyse what applications are accessing the web, download amounts and sites accessed

We have just attached a new user to our network who uses a Mac Powerbook running Tiger. The only apps he knows of that access the web are AIM and Firefox. AIM 30 - 40 IMs a day, firefox just general site browsing no large downloads.
ISA 2000 web usage report logs an UNKNOWN site with 194274 requests and 857.9MB of bytes in. The Mac users IP actually logs 411265 requests with same bytes in. The only connection type request amount large enough to correspond to this is an SSL-tunnel and all other details that might correspond to the large number of requests are listed as UNKNOWN. The user uses the same applications when connecting via his cell phone and has not experienced high usage charges.
I suspect its something to do with AIM, which uses a secure connection, and thought maybe the ticker news and stocks that are default, but 857MB is a lot even for that. Also thought it may be an ISA error.
Is there an app (similar to ISA) we can run on the Mac to see whether data is actually being downloaded and if so by which application? Any other thought?
0
littlehogarth
Asked:
littlehogarth
1 Solution
 
WodCommented:
You could try one of those free network monitoring tools:

Flame: http://husk.org/apps/flame/ (might be the easiest one for seeing what you need to see)

Apples Server Admin Tools: http://www.apple.com/support/downloads/serveradmintools1047.html

or Wireshark: http://www.wireshark.org/

Regards
0
 
strungCommented:
0
 
Eoin OSullivanConsultantCommented:
Little Snitch will show you ALL applications on the Mac which are requesting Internet access .. you can allow/deny the access and see does it make a difference to your network traffic.  The one limitation is that it doesn't record the volume of network traffic.

There are a load of small processes on the Mac that do connect to the Internet such as Apple Time Server, Software Update etc but these would not be responsible USUALLY for such a large amount of data download.

You can also use the Activity Monitor application located in Application: Utilities on the Mac to see what processes are running and their memory usage and level of network activity.


0
 
littlehogarthAuthor Commented:
Hi team,

Thanks for all the suggestions. I went with WOD's suggestion to use Wireshark because of the large amount of information provided and that it also has Windows and Linux variants. Wireshark helped rule out AIM as the problem and the logs although needing some deciphering highlighted Goggle Calendar as the problem. The user had only just accepted to use online sync and so if i'd known of this prior it would have been the obvious culprit. We shut down Goggle Calendar and Wireshark showed the large volume of requests disappeared. Now just waiting for the ISA Server report to update and confirm the news, but should be all happy now.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now