High Outbound HTTP traffic Blue Coat Packeteer

Posted on 2011-04-20
Last Modified: 2012-08-14
We are using a PacketShaper (Blue Coat) device 135-10014804. We have higher than normal bandwidth going OUT using the HTTP protocol. We have used the IP addresses in the Top Talkers report to identify several machines on our domain that had viruses and have fixed them. However, we noticed that there are quite a few EXTERNAL IP addresses in the TOP TALKERS list. I may be missing something, but if it is OUTBOUND HTTP traffic and we are looking at the top TALKERS list... shouldn't all the IP addresses be internal ones to our own network?
Question by:ianmac50

    Expert Comment

    Yes, logically there should be only internal IPs. But to be very sure, please paste some of the public IPs that you are seeing and let us know where you are located. We can (you can too) use the list to see where/who owns the IP and can decide whether they are real viruses/trojans/malware or valid ones.

    Just enter the IP below and it will show you who is the owner.


    Author Comment

    Seems strange, all traffic has reverted back to only internal IPs sending outbound HTTP traffic (top talkers). Yes, we had already done a reverse lookup on the IPs we saw, and one was a data centre provider in the Ukraine and the other was a streaming service. Other than a hacker or virus, I can't see how external IPs would be sending from inside our network. Even if it was a virus or a trojan sending out traffic, surely the originating IP should be one of ours (i.e. the infected machine). The top listeners should give us the culprit site (i.e. the destination of the traffic); however, I would have thought all the talkers should be our IPs.

    Accepted Solution

    Not necessarily, trojans/worms do mask IPs to prevent tracking from source. Otherwise it's easy to heal the infected m/c. Nice to hear everything is back to normal.

    Author Closing Comment

    Not a lot of detail was in the answer. It really only told me what I already knew. It made me feel better that someone was agreeing with me, but it wasn't an in-depth response with detailed information to back up the reasons behind the response.
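
The check discussed in this thread, whether every address in the outbound HTTP Top Talkers list belongs to the local network, as an added example that is not part of the original thread or any Blue Coat tooling. The internal prefixes, the `(talker IP, bytes)` row layout and the sample rows are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the site's internal prefixes; replace with your own address plan.
# An explicit list is used instead of is_private, which also matches
# documentation and other reserved ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a Top Talkers export for the outbound HTTP class:
# (talker IP, bytes). Not real PacketShaper output; the external addresses
# come from the documentation ranges.
SAMPLE_TALKERS = [
    ("10.1.4.22", 48_200_000),
    ("203.0.113.45", 31_500_000),
    ("10.1.7.9", 12_900_000),
    ("198.51.100.7", 6_400_000),
    ("10.1.4.22", 1_000_000),   # same host listed twice, totals are merged
    ("n/a", 0),                 # unparseable row, reported separately
]


def is_internal(addr):
    """True if the address falls inside one of the site's own prefixes."""
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)


def triage_talkers(rows):
    """Merge rows per IP, rank by bytes, and split internal from external talkers."""
    totals, skipped = {}, []
    for ip_text, nbytes in rows:
        try:
            addr = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            skipped.append(ip_text)
            continue
        totals[addr] = totals.get(addr, 0) + nbytes
    grand_total = sum(totals.values()) or 1  # avoid division by zero
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    result = {"internal": [], "external": [], "skipped": skipped}
    for addr, nbytes in ranked:
        share = round(100 * nbytes / grand_total, 1)  # percent of listed bytes
        key = "internal" if is_internal(addr) else "external"
        result[key].append((str(addr), nbytes, share))
    return result


if __name__ == "__main__":
    for ip, nbytes, share in triage_talkers(SAMPLE_TALKERS)["external"]:
        print(f"external talker {ip}: {nbytes} bytes ({share}% of listed traffic)")
```

Each address in the `external` list is one to look up for ownership and to compare against the Top Listeners report for the same interval.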
