I have a client running a small 10 person Windows server 2008 domain. The other morning , 3 days after the beginning of the month, his 6Gig bandwidth cap was depleted. He assured me that there had been no big downloads done, and I then checked for viruses. They are using Nod32 Business edition, and I checked each machine, most came back clean, with 2 of them coming back with negligible threats. Their ISP said that the traffic was definitely all generated through their allocated port, so it couldnt have been someone using their details elsewhere. I ran a network sniffer to see if their was any weird traffic, but couldnt really see anything untoward. Does anyone have any ideas as to what else I could check to see what caused this. Im including the sniffer log, but Im not sure what help this will be, as it was only run after the fact.