Best Azure function to identify surge in outgoing network traffic

Question

We have two Azure VM's hosting web applications with back-end databases on each respective server. In the last few days we've seen a massive surge in outgoing data within the metrics. Normally this would be something to celebrate, but the rapid change has me unsettled and I'm struggling to find what's caused this.

This increase is mirrored across both servers (albeit five days apart). We've checked our IIS logs, and web application login reports but there's nothing to indicate what is causing this increase.

I've looked online for the appropriate tool in Azure to investigate but can only find results pertaining to network failures/port misconfiguration, etc.

Can anyone please let me know which Azure tool would pinpoint the culprit here and what an initial check would be?

Answer 1

After fine-tuning our efforts to the actual server rather than the Azure infrastructure I found two great tools that isolated the issue immediately:

1. TCP Connections tab within Windows' Resource Monitor tool
2. TCPView (free and part of the excellent Sysinternals suite)

The problem is a process called "s2rcm.exe", consuming nearly 5MB/sec. This is Azure Site Recovery's agent. The cause of why this suddenly started occurring remains a mystery at this point in time...