How to find a client generating traffic

isa-server traffic

We're running SBS 2003 SP2 and I'm wondering if there's any easy way to find out where traffic during a specific time is generated from?

In my case, the overall traffic consumption per day is roughly 8GB. I'm not concerned about the general traffic (those 8GB mostly include transferring backup files during the night) but about traffic in a specific time frame.

Just an example: suddenly at 10:30 a.m. the internet connection slows down very noticeably. I checked our automated backup and other transfer services and none of them is running. I still have a network with about 15 PCs scattered around the building which could potentially generate the traffic.

We only have a small 2MBit line, thus the line can be quickly saturated during office hours. I don't suspect any user of doing something wrong, I think there's some automated software thing going on, but I'm not sure. Maybe it's the Windows or Adobe automated downloads, but how can I know for sure?

I was looking at the generated report from ISA 2004 already and see a lot of numbers, but I can't tell for sure in which time frame which client generated the traffic.

I can see the peak on the Server itself by going to the network tab in the task-manager and I see that the external 100Mbit interface is at 2% == 2Mbit, but I can't figure out where it's actually coming from exactly.

I think I can rule out that it is the Server itself generating the traffic, because the traffic graph from the external interface matches the LAN interface which serves my users (our DMZ interface, which contains our automated backup services, is at 0 at that time).

How can I further tackle the problem?

Best Answer

I'm sure there's a way to better interpret the info coming from your ISA server, but in case everything fails: "In wireshark we trust"

It runs on Windows too: http://www.wireshark.org/download.html
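One way to turn such a capture into a per-client answer, as an added example that is not part of the original answer: it assumes the capture was taken on the server's LAN-facing interface and exported with `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len` (`capture.pcap` is a placeholder). The subnet, time window and sample rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

LAN = ipaddress.ip_network("192.168.16.0/24")   # assumption: client subnet
START = datetime(2009, 8, 20, 10, 30, tzinfo=timezone.utc).timestamp()
END = START + 600                                # constructed 10-minute window

def row(offset, src, dst, size):
    """Build one tab-separated line in the tshark field order used above."""
    return f"{START + offset:.3f}\t{src}\t{dst}\t{size}"

# Constructed sample rows (addresses and sizes are made up).
SAMPLE = [
    row(-60, "192.168.16.21", "203.0.113.10", 1500),   # before the window
    row(1, "203.0.113.10", "192.168.16.34", 1514),     # download to .34
    row(2, "203.0.113.10", "192.168.16.34", 1514),
    row(3, "192.168.16.34", "203.0.113.10", 66),       # ACK back out
    row(4, "192.168.16.21", "198.51.100.7", 400),      # upload from .21
    row(5, "192.168.16.21", "192.168.16.2", 900),      # LAN-to-LAN
    row(6, "", "", 60),                                # ARP: no IP fields
    row(700, "203.0.113.10", "192.168.16.50", 1514),   # after the window
]

def top_talkers(lines, lan, start, end):
    """Sum frame bytes per LAN client for start <= t < end, largest first."""
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4 or not parts[1] or not parts[2]:
            continue  # non-IP frames have empty ip.src / ip.dst
        try:
            ts, size = float(parts[0]), int(parts[3])
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # malformed row or several addresses in one field
        if not start <= ts < end:
            continue
        if src in lan and dst not in lan:
            totals[str(src)]["up"] += size
        elif dst in lan and src not in lan:
            totals[str(dst)]["down"] += size
        # LAN-to-LAN frames are skipped: they do not load the internet line
    return sorted(totals.items(), key=lambda kv: kv[1]["up"] + kv[1]["down"], reverse=True)

if __name__ == "__main__":
    for ip, t in top_talkers(SAMPLE, LAN, START, END):
        print(f"{ip:15}  down={t['down']:>8}  up={t['up']:>8}")
```
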
