Server Network Traffic abnormal

By ndaugherty

Hey everyone. I had a problem pop up on me last Monday. All of a sudden a handful of my Windows servers that reside on VMware ESX have started showing sent bytes in the billions, xx,xxx,xxx,xxx (in just 1-2 days), and received bytes are normal, in the millions. This is not normal for these servers, as they are IIS and other low-usage servers. The only reason I noticed was because I was looking for a reason our ASA was getting pounded also. I don't know if they are related. I thought maybe it was related to Symantec Endpoint, but I am not so confident now. Has anyone had this issue and have any ideas I can check out? I can't seem to catch them and capture the traffic, as it happens in spurts. We have 2 ESX hosts and it's happening on VMs that reside on each. Thanks

All Answers

Try to Capture w/...

by rkuhn In reply to Server Network Traffic ab ...

Download and install Kiwi Syslog Server (free).

It is really easy to install and will grab all your traffic from your ASA. There's even a Syslog Viewer to help with filtering the data.

Made by SolarWinds and much better than what's available on just the ASA.

be very careful

by mafergus In reply to Server Network Traffic ab ...

I would start by checking to see if traffic is on port 80 or at least a consistent port number. Excessive traffic outbound can be a sign of a trojan.
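Added example, not part of either reply above: one way to combine the two suggestions, once ASA syslog is being collected, is to total the bytes in the connection teardown messages per inside host and remote port to see whether the volume sits on one consistent port. It assumes the ASA logs message IDs 302014/302016 to the syslog server and that the internal interface is named `inside`; the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Cisco ASA connection teardown messages: 302014 = TCP, 302016 = UDP.
TEARDOWN = re.compile(
    r"%ASA-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<if1>[\w-]+):(?P<ip1>[\d.]+)/(?P<port1>\d+)(?: ?\([^)]*\))? to "
    r"(?P<if2>[\w-]+):(?P<ip2>[\d.]+)/(?P<port2>\d+)(?: ?\([^)]*\))? "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

def top_talkers(lines, inside_if="inside"):
    """Total bytes per (inside host, protocol, remote port), largest first."""
    totals = defaultdict(lambda: [0, set()])
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # some other message type
        ends = [(m["if1"], m["ip1"], int(m["port1"])),
                (m["if2"], m["ip2"], int(m["port2"]))]
        local = [e for e in ends if e[0] == inside_if]
        remote = [e for e in ends if e[0] != inside_if]
        if len(local) != 1 or len(remote) != 1:
            continue  # not a flow between the inside network and elsewhere
        entry = totals[(local[0][1], m["proto"], remote[0][2])]
        entry[0] += int(m["bytes"])
        entry[1].add(remote[0][1])  # distinct remote addresses
    rows = [(h, p, port, b, len(peers)) for (h, p, port), (b, peers) in totals.items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Jan 12 10:14:03 fw1 %ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/8443 to inside:10.1.1.20/51515 duration 0:10:02 bytes 2400000000 TCP FINs",
    "Jan 12 10:22:43 fw1 %ASA-6-302014: Teardown TCP connection 4102 for outside:198.51.100.9/8443 to inside:10.1.1.20/51516 duration 0:08:40 bytes 1900000000 TCP Reset-I",
    "Jan 12 10:23:01 fw1 %ASA-6-302014: Teardown TCP connection 4103 for outside:203.0.113.5/49200 to inside:10.1.1.30/80 duration 0:00:03 bytes 48211 TCP FINs",
    "Jan 12 10:23:02 fw1 %ASA-6-302016: Teardown UDP connection 4104 for outside:192.0.2.53/53 to inside:10.1.1.20/53011 duration 0:00:01 bytes 212",
    'Jan 12 10:23:05 fw1 %ASA-4-106023: Deny tcp src inside:10.1.1.40/1234 dst outside:192.0.2.1/25 by access-group "inside_out"',
]

if __name__ == "__main__":
    for host, proto, port, total, peers in top_talkers(SAMPLE):
        print(f"{host:<12} {proto} remote port {port:<6} {total:>14,} bytes, {peers} peer(s)")
```

The `bytes` field in a teardown message covers the whole connection rather than one direction, so a host that tops this list should still be compared against the sent and received counters on the server itself.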
