Got a call from the site tonight telling me that they were having issues with their credit card server timing out. The site has a T1 connection and there was virtually no traffic except point of sale traffic at the site when they contacted me. I looked at the "Network Usage" graphs under reporting and saw strange anomalies; or at least what I perceive to be anomalies. There is essentially no traffic on the LAN interface and no real discernible outbound traffic on the WAN interface, but there is this strange blip on the Inbound side of the WAN interface. I remoted into the server and checked on things and it was painfully slow to connect through our remote interface during this traffic storm. In checking logs, I found that there seems to be a pattern to the traffic. It lasts about the same time and seems to occur at about the same intervals. I was watching the WAN interface traffic during the last occurence and there was virtually nothing happening -- in fact, the location is closed at the moment -- and the interface is spiked on the inbound and nothing is happening.
I have attached screenshots of the graphs and I'm looking for maybe some direction on where to look in the logs to find this traffic and determine where it's coming from.
Any insight you can provide would be great.
Thanks in advance,
Joe J
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
