hallnet
asked on
High internet usage - 5GB a day unknown cause
Hi,
I am trying to figure out why all my ISP quota is been eaten up, 5GB per day, we use no torrenting software havent downloaded anything (happened on a saturday while no one was in the office). Also wireless was using WPA2 but is now turned off, router firewall is only allowing a few select ports through like VPN and mail. Port scanners dont show unusual ports open.
the network runs a SBS 2008 server and 3 XP clients, server is updated and the network is protected by Trend Micro Worry Free Advanced - the console has not reported any viruses, spyware or high volumes of spam.
any ideas? thanks
I am trying to figure out why all my ISP quota is been eaten up, 5GB per day, we use no torrenting software havent downloaded anything (happened on a saturday while no one was in the office). Also wireless was using WPA2 but is now turned off, router firewall is only allowing a few select ports through like VPN and mail. Port scanners dont show unusual ports open.
the network runs a SBS 2008 server and 3 XP clients, server is updated and the network is protected by Trend Micro Worry Free Advanced - the console has not reported any viruses, spyware or high volumes of spam.
any ideas? thanks
If you know what computer the 5GB of data is going to, then run Wireshark on it. It will tell you what kind of packets are being delivered to the computer. It should give you an Idea if your network is vulnerable (or is being attacked) It should run fine on the server as well. -> http://www.wireshark.org
has this happenede one time, or does it happen frequently?
Was the wireless up when this happened?
You could some kind of monitoring software that enables statistics for you. Are there any logs on Router? is this ISPs router?
Was the wireless up when this happened?
You could some kind of monitoring software that enables statistics for you. Are there any logs on Router? is this ISPs router?
For the internet usage control you can find some here:
http://www.webattack.com/downloadfind.php?st=internet+usage+control&search=Search&action=s
For control the bandwidth of the network:
http://www.webattack.com/downloadfind.php?st=control+bandwidth+of+the+network&search=Search&action=s
http://www.webattack.com/downloadfind.php?st=internet+usage+control&search=Search&action=s
For control the bandwidth of the network:
http://www.webattack.com/downloadfind.php?st=control+bandwidth+of+the+network&search=Search&action=s
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
That will give you some useful information.
If that isn't enough, look for a compatible web filtering / reporting software such as SurfControl, SpectorPro, or EBlaster.
http://www.surfcontrol.com/
http://www.spectorsoft.com/
That will give you some useful information.
If that isn't enough, look for a compatible web filtering / reporting software such as SurfControl, SpectorPro, or EBlaster.
http://www.surfcontrol.com/
http://www.spectorsoft.com/
ASKER
Thanks will check these sites out, the wireless was enabled with WPA2 but I disabled it to be sure but to no effect. Looks like it must be the server as all the workstations were turned off overnight and it's still happening.... Server NIC show steady amount of bytes being transferred when I connect to it but I have not been able to connect this to the issue as yet, everything looks fine... Can't be a
bad NIC driver cause it's WAN traffic so j need to try the links you guys suggested, problem is its the weekend
and in a last ditch effort before the weekend I disabled the VPN (thought it might be malfunctioning and causing
the traffic) and now I can't get in but can watch the usage
tick over, it's 3am and it's saying about 1GB has been downloaded since midnight.... *sigh*
bad NIC driver cause it's WAN traffic so j need to try the links you guys suggested, problem is its the weekend
and in a last ditch effort before the weekend I disabled the VPN (thought it might be malfunctioning and causing
the traffic) and now I can't get in but can watch the usage
tick over, it's 3am and it's saying about 1GB has been downloaded since midnight.... *sigh*
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Cacti is a brilliant software beside nagios and MRTG ..... to narrow down the problem,
please check http://docs.cacti.net/
madunix
please check http://docs.cacti.net/
madunix
I was reading the other day that wsus server can download larger amounts of updates for your systems.
I believe there is a option to not to allow unapproved updates. Unfortunatelly im not familiar with wsus so i cant offer furtther input.
I believe there is a option to not to allow unapproved updates. Unfortunatelly im not familiar with wsus so i cant offer furtther input.