Hi There,
I have a very strange question to ask, is it possible for a virus or malware to be intelligent enough to stop working should an analyzer be used to track it? I ask this as there seems to be something funny happening on my Exchange Server 2003. The queue would shoot up and not come down for a while. When I asked my ISP for an IP stat, it looked like I have had many Mb’s of http traffic going over my diginet line.
Oh yes, my Exchange connection to my ISP is over a 256kb diginet line. My ISP manages the traffic on the line and can give me read outs of what type of traffic is on my diginet line, but that is all.
Getting back to my question, this morning when I got into the office, I noticed at around 9:45 that the mail queue was filling up and that my diginet line was maxed out. I decided to try my hand at WireShark, as I am still a novice when it comes to protocol analyzers, but you have to start somewhere. Anyway I used WireShark to get a capture of all the traffic, then about 10min later the queue was finished and the line was no longer maxed out.
Then at 1:30 today I noticed that the line was maxing out again and the queue was filling up so after about 15 min of monitoring the line there was no really change. So I ran WireShark again and just like before the queue was empty a few minutes later. It just doesn?t make any sense.
Could it just be that my timing happened to be as the line freed up, or could there be some reason as to why after running WireShark for a minute, the line cleared up? It just doesn’t make any sense, well to me at the moment it doesn’t make any sense.
Is there somewhere I could go to get information on how to solve this question.
Thanx in advance 🙂