Bandwidth consumption

  • Thread starter Warren Machanik
  • Start date
W

Warren Machanik

I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
2003. It may be conicidence but recently (in the last 3 weeks) two things
occuried on my network. My old DDNS service DirectUpdate stop working after a
security fix was applied, so I replaced it with another. Two I upgraded one
computer to Vista

And about a week after noticed I was chewing bandwidth around 1GB of
bandwidth a day.

I have run TCPView on the one PC and on the Small Busines server. Which is
acting as a router to the external world (connected using a IBurst router on
an extrernal LAN, not running ISA, just the default Firewall in SBS2003)

I have tried checking for spyware, and run all the updates but I cannot find
where I am bleeding bandwidth (and I only get 3GB a month). Any ideas how to
trouble shoot?
--
Warren - All limits are man made
 
S

S. Pidgorny

Looks like something generates a lot of traffic to your WAN
interface/iBurst.

First, you need to find a way of measure traffic through external interface
of your SBS server.
I suggest running combination of perfmon.exe (with Network Interface
counters) and commands like "netstat -e". The ultimate approach is to run
network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
see how much traffic is generated and where to/from. Capturing on internal
interface will show what workstations are generating most traffic. Wireshark
has quite nice analysis tools, very user-friendly.

Then - do elimination.
Shut down the new DNS update service and see if that mekes any difference.
Shut down one of the workstations and see if that makes difference. Repeat
with the other workstations.

The worst thing is that the traffic may be generated externally, discarded
by your systems and still appearing on your bill. In that case you might not
see intensive traffic generated by either workstation or the server.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"Warren Machanik" wrote in
message news:6D4EA387-DE98-4BE8-A3DF-F6F288F1982C@microsoft.com...
>I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> 2003. It may be conicidence but recently (in the last 3 weeks) two things
> occuried on my network. My old DDNS service DirectUpdate stop working
> after a
> security fix was applied, so I replaced it with another. Two I upgraded
> one
> computer to Vista
>
> And about a week after noticed I was chewing bandwidth around 1GB of
> bandwidth a day.
>
> I have run TCPView on the one PC and on the Small Busines server. Which is
> acting as a router to the external world (connected using a IBurst router
> on
> an extrernal LAN, not running ISA, just the default Firewall in SBS2003)
>
> I have tried checking for spyware, and run all the updates but I cannot
> find
> where I am bleeding bandwidth (and I only get 3GB a month). Any ideas how
> to
> trouble shoot?
> --
> Warren - All limits are man made
 
D

Dan

Good Reply. My work network is seeing unusual activity as well due to DNS
Pollution issues.

"S. Pidgorny " wrote:

> Looks like something generates a lot of traffic to your WAN
> interface/iBurst.
>
> First, you need to find a way of measure traffic through external interface
> of your SBS server.
> I suggest running combination of perfmon.exe (with Network Interface
> counters) and commands like "netstat -e". The ultimate approach is to run
> network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
> see how much traffic is generated and where to/from. Capturing on internal
> interface will show what workstations are generating most traffic. Wireshark
> has quite nice analysis tools, very user-friendly.
>
> Then - do elimination.
> Shut down the new DNS update service and see if that mekes any difference.
> Shut down one of the workstations and see if that makes difference. Repeat
> with the other workstations.
>
> The worst thing is that the traffic may be generated externally, discarded
> by your systems and still appearing on your bill. In that case you might not
> see intensive traffic generated by either workstation or the server.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>
> "Warren Machanik" wrote in
> message news:6D4EA387-DE98-4BE8-A3DF-F6F288F1982C@microsoft.com...
> >I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> > 2003. It may be conicidence but recently (in the last 3 weeks) two things
> > occuried on my network. My old DDNS service DirectUpdate stop working
> > after a
> > security fix was applied, so I replaced it with another. Two I upgraded
> > one
> > computer to Vista
> >
> > And about a week after noticed I was chewing bandwidth around 1GB of
> > bandwidth a day.
> >
> > I have run TCPView on the one PC and on the Small Busines server. Which is
> > acting as a router to the external world (connected using a IBurst router
> > on
> > an extrernal LAN, not running ISA, just the default Firewall in SBS2003)
> >
> > I have tried checking for spyware, and run all the updates but I cannot
> > find
> > where I am bleeding bandwidth (and I only get 3GB a month). Any ideas how
> > to
> > trouble shoot?
> > --
> > Warren - All limits are man made

>
>
>
 
W

Warren Machanik

Took a while to come back to the forum. I had a business to run and have not
had the time to try and troubleshoot. We identified the PC that was causing
most of the problem, we are not sure if we have solved the problem since we
systimatically disable it from the network. I have performed Spyware scanns
and update virus definitions and examined the startup and removed anything
that was suspicous.

I am interested in this DNS thing since I am having a problem which may be
related that the first time I look for a web site it does not load, then you
press enter on the browser and it loads. Sure it is DNS
--
Warren - All limits are man made


"Dan" wrote:

> Good Reply. My work network is seeing unusual activity as well due to DNS
> Pollution issues.
>
> "S. Pidgorny " wrote:
>
> > Looks like something generates a lot of traffic to your WAN
> > interface/iBurst.
> >
> > First, you need to find a way of measure traffic through external interface
> > of your SBS server.
> > I suggest running combination of perfmon.exe (with Network Interface
> > counters) and commands like "netstat -e". The ultimate approach is to run
> > network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
> > see how much traffic is generated and where to/from. Capturing on internal
> > interface will show what workstations are generating most traffic. Wireshark
> > has quite nice analysis tools, very user-friendly.
> >
> > Then - do elimination.
> > Shut down the new DNS update service and see if that mekes any difference.
> > Shut down one of the workstations and see if that makes difference. Repeat
> > with the other workstations.
> >
> > The worst thing is that the traffic may be generated externally, discarded
> > by your systems and still appearing on your bill. In that case you might not
> > see intensive traffic generated by either workstation or the server.
> >
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >
> >
> > "Warren Machanik" wrote in
> > message news:6D4EA387-DE98-4BE8-A3DF-F6F288F1982C@microsoft.com...
> > >I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> > > 2003. It may be conicidence but recently (in the last 3 weeks) two things
> > > occuried on my network. My old DDNS service DirectUpdate stop working
> > > after a
> > > security fix was applied, so I replaced it with another. Two I upgraded
> > > one
> > > computer to Vista
> > >
> > > And about a week after noticed I was chewing bandwidth around 1GB of
> > > bandwidth a day.
> > >
> > > I have run TCPView on the one PC and on the Small Busines server. Which is
> > > acting as a router to the external world (connected using a IBurst router
> > > on
> > > an extrernal LAN, not running ISA, just the default Firewall in SBS2003)
> > >
> > > I have tried checking for spyware, and run all the updates but I cannot
> > > find
> > > where I am bleeding bandwidth (and I only get 3GB a month). Any ideas how
> > > to
> > > trouble shoot?
> > > --
> > > Warren - All limits are man made

> >
> >
> >
 
S

S. Pidgorny

G'day:

Warren Machanik wrote:

> I am interested in this DNS thing since I am having a problem which may be
> related that the first time I look for a web site it does not load, then you
> press enter on the browser and it loads. Sure it is DNS


Sure it is. Configure your PCs and/or the router to use your ISP's DNS
first.

S.
 
D

Dan

Have Fun, lots of info. at us-cert.gov on the vulnerability ----

http://www.kb.cert.org/vuls/id/800113



"Warren Machanik" wrote:

> Took a while to come back to the forum. I had a business to run and have not
> had the time to try and troubleshoot. We identified the PC that was causing
> most of the problem, we are not sure if we have solved the problem since we
> systimatically disable it from the network. I have performed Spyware scanns
> and update virus definitions and examined the startup and removed anything
> that was suspicous.
>
> I am interested in this DNS thing since I am having a problem which may be
> related that the first time I look for a web site it does not load, then you
> press enter on the browser and it loads. Sure it is DNS
> --
> Warren - All limits are man made
>
>
> "Dan" wrote:
>
> > Good Reply. My work network is seeing unusual activity as well due to DNS
> > Pollution issues.
> >
> > "S. Pidgorny " wrote:
> >
> > > Looks like something generates a lot of traffic to your WAN
> > > interface/iBurst.
> > >
> > > First, you need to find a way of measure traffic through external interface
> > > of your SBS server.
> > > I suggest running combination of perfmon.exe (with Network Interface
> > > counters) and commands like "netstat -e". The ultimate approach is to run
> > > network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
> > > see how much traffic is generated and where to/from. Capturing on internal
> > > interface will show what workstations are generating most traffic. Wireshark
> > > has quite nice analysis tools, very user-friendly.
> > >
> > > Then - do elimination.
> > > Shut down the new DNS update service and see if that mekes any difference.
> > > Shut down one of the workstations and see if that makes difference. Repeat
> > > with the other workstations.
> > >
> > > The worst thing is that the traffic may be generated externally, discarded
> > > by your systems and still appearing on your bill. In that case you might not
> > > see intensive traffic generated by either workstation or the server.
> > >
> > > --
> > > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > > -= F1 is the key =-
> > >
> > > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> > >
> > >
> > > "Warren Machanik" wrote in
> > > message news:6D4EA387-DE98-4BE8-A3DF-F6F288F1982C@microsoft.com...
> > > >I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> > > > 2003. It may be conicidence but recently (in the last 3 weeks) two things
> > > > occuried on my network. My old DDNS service DirectUpdate stop working
> > > > after a
> > > > security fix was applied, so I replaced it with another. Two I upgraded
> > > > one
> > > > computer to Vista
> > > >
> > > > And about a week after noticed I was chewing bandwidth around 1GB of
> > > > bandwidth a day.
> > > >
> > > > I have run TCPView on the one PC and on the Small Busines server. Which is
> > > > acting as a router to the external world (connected using a IBurst router
> > > > on
> > > > an extrernal LAN, not running ISA, just the default Firewall in SBS2003)
> > > >
> > > > I have tried checking for spyware, and run all the updates but I cannot
> > > > find
> > > > where I am bleeding bandwidth (and I only get 3GB a month). Any ideas how
> > > > to
> > > > trouble shoot?
> > > > --
> > > > Warren - All limits are man made
> > >
> > >
> > >
 

Similar threads

Back
Top Bottom