PixelVoodoo asked:

Small Business Server Eating Bandwidth

A client has an SBS 2008 server on a small network with two other PCs (most of the guys work remotely). They have been reaching their 50 GB monthly bandwidth by halfway through - for the last 4 years they never reached their bandwidth. I had a quick process of elimination and watched the stats on their router and MBs downloaded when I unplugged the network cable for the server. It stabilised. When I plugged it back in again the bandwidth started getting hammered again. I'd like some recommendations for tools to install so that I can get some visibility on what is being downloaded. I had a look at Wireshark but digesting the information in this context is challenging. I essentially want to find out what is being downloaded and by what service or program. I used netstat but can't see how many MB each process is responsible for downloading.
ASKER CERTIFIED SOLUTION
borki
This solution is only available to members.
I would rather recommend you do a good, proper AV scan on your server to eliminate that part of the issue.

Any chance they are doing a mailshot or anything like that, as that would affect bandwidth usage on the server too?
Lee W, MVP
I'd suggest checking the Performance tab in Task Manager and clicking on the Resource Monitor button. Then look at what, exactly, is using the network.
A few suggestions.

1. Install Microsoft Network Monitor on the server. Just filter for content going to the router.
2. Use Sysinternals Process Explorer. It has a TCP/IP tab once you've double clicked a process.
3. Use Sysinternals Process Monitor. It allows you to see what network traffic is occurring.

-Matt-
PixelVoodoo (ASKER)

Thanks for the replies, I'd already done a full AV scan that came back clean. There have been no mailshots or any other unusual activity by staff. The Task Manager suggestion and reviewing processes does give rudimentary info but none with regards to how much traffic each process is creating. I had a look at TCPView which did give some further info with regards to edgetransport.exe. I ended up using Wireshark to see if I could get any further info on Exchange given the edgetransport.exe info from TCPView and saw that their Exchange server was using a POP3 connector - one mailbox was generating a lot of traffic and when I had a look at that there were quite a few large emails which for some reason the POP3 connector was trying to download even though it should really have skipped them due to the size. The event log then shone some further light on this. I've deleted the suspect emails from the POP3 mailbox via webmail and ran the POP3 connector to pull the emails down whilst running Wireshark again and so far the mailbox in question is acting as it should and without additional network traffic. I'll be monitoring the situation and if the issue is resolved I'll accept solutions, else will be back to see if any other suggestions. Thanks for your input.
Wireshark really got me to the bottom of this issue but TCPView sent me in the right direction, so awarding points to that solution. Thanks for your help, folks.
TCPView sent me in the right direction but didn't give me all the info required to resolve the issue.
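
Added example, not part of the original thread: one way to make a capture like the one described above easier to digest is to export per-frame fields with tshark and total the bytes per remote endpoint and service, so a heavy POP3 download stands out. The server address, capture file name and sample rows below are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict

# Input rows are expected in the format produced by (capture file name assumed):
#   tshark -r capture.pcap -Y tcp -T fields -E separator=, \
#          -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len
SERVER_IP = "192.168.16.2"   # assumed LAN address of the SBS server
SERVICES = {25: "smtp", 80: "http", 110: "pop3", 443: "https", 995: "pop3s"}

# Constructed sample rows: ip.src, ip.dst, tcp.srcport, tcp.dstport, frame.len
SAMPLE = """\
203.0.113.25,192.168.16.2,110,49210,1514
203.0.113.25,192.168.16.2,110,49210,1514
192.168.16.2,203.0.113.25,49210,110,54
198.51.100.7,192.168.16.2,443,49300,900
192.168.16.2,198.51.100.7,49300,443,300
203.0.113.25,192.168.16.2,110,49211,1514
garbage line
"""

def summarize(lines, server_ip=SERVER_IP):
    """Return [(remote_ip, service, bytes_down, bytes_up)], largest download first."""
    totals = defaultdict(lambda: [0, 0])   # (remote_ip, remote_port) -> [down, up]
    for row in csv.reader(lines):
        if len(row) != 5:
            continue                        # malformed or truncated row
        src, dst, sport, dport, length = row
        try:
            sport, dport, length = int(sport), int(dport), int(length)
        except ValueError:
            continue                        # e.g. IPv6 frame with empty ip.src
        if dst == server_ip:                # inbound: remote end is the source
            totals[(src, sport)][0] += length
        elif src == server_ip:              # outbound: remote end is the destination
            totals[(dst, dport)][1] += length
    report = [(ip, SERVICES.get(port, str(port)), down, up)
              for (ip, port), (down, up) in totals.items()]
    return sorted(report, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for ip, service, down, up in summarize(SAMPLE.splitlines()):
        print(f"{ip:15} {service:6} down={down:>8} up={up:>8}")
```

Keying on the remote address and port groups every connection the server opens to the same mail host, so repeated POP3 sessions add up to one line.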