ianmac50
asked on
High Outbound HTTP traffic Blue Coat Packeteer
We are using a packetshaper (blue coat) device 135-10014804. we have a higher than normal bandwidth going OUT using the HTTP protocol. We have used the IP addresses in the Top talkers report to identify several machines on our domain that had viruses and have fixed them. However we noticed that there are quite a few EXTERNAL IP addresses in the TOP TALKERS list. I may be missing something, but if it is OUTBOUND HTTP traffic and we are looking at the top TALKERS list... shouldn't all the IP addresses be internal ones to our own network
ASKER
Seems strange all traffic has reverted back to only internal IPs sending outbound http traffic (top talkers). yes we had already done a reverse lookup on the IPs we saw and one was a data centre provider in the ukraine and the other was a streaming service. Other than a hacker or virus I can't see how external IPs would be sending from inside our network. Even if it was a virus or a trojan sending out traffic surely the originating IP should be one of ours (ie the infected machine). The top listeners should give us the culprit site (ie the destination of the traffic) however I would have thought all the talkers should be our IPs..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not alot of detail was in the answer, it really only told me what I already knew it made me feel better that someone was agreeing with me but wasn't an indepth response with detailed information to back up the reasons behind the response
Just enter the ip below and it will show you who is the owner.
http://www.whatismyipaddress.com/ip-lookup
Best,