Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 743 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Very High Traffic Can't pinpoint to where

grammatonclerick
Well I think I know where it's going.  It's my WIndows PC since when I turn it off the traffic drops.
However, in the Windows 8.1 PC the traffic is not being shown in the networking portion. The software firewall is also quiet.  So what the hell?
Anyhow, it looks like it's using all the bandwith.
I added the IP to the Firewall under block but it's not helping.
Here are the screenshots.


https://imgur.com/a/xcVON
https://imgur.com/a/xcVON#VGopE9b

https://imgur.com/a/p68Sa



This thread was automatically locked due to age.
  • 0
    How does /var/log/http.log look?  

    It can be searched/grepped for the IP of interest. 
     grep -F '"23.62.11.25"' /var/log/http.log


    Note the single quote, double quote, IP, double quote, single quote pattern.
  • 0 in reply to teched_01
    How does /var/log/http.log look?  

    It can be searched/grepped for the IP of interest. 
     grep -F '"23.62.11.25"' /var/log/http.log


    Note the single quote, double quote, IP, double quote, single quote pattern.


    Pinpointed it to Windows STORE app in Windows 8.1.  Somehow it was stuck in a loop and just kept downloading  like crazy.  Had to disable the app in registry.
  • 0
    Hi,

    you know where it shows 81mbit - you can actually click that and it will bring up a live window view of what is being downloaded and how fast. (infact you can click on any of those boxes)

     You can then click on the number of clients and then see which IP/computer it is coming from
  • 0
    @stealthmatt: have the same problem - and I cant see where ist going: neither with iftop nor by clicking the flow window - you just see the adress of the wan interface adress downloading like hell 

    as for me i disabled wsus sync now and it seems to be quiet (i ll see today) 

    just a guess: webfilter av scans windows updates - but they cant be delivered to client/wsus and then the it loops ...
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?