How to find cause of massive data transfer

4

We have a VM (Windows Datacenter 2012) running on Azure. Yesterday, between 10-11 there was 18GB(!) of data transferred into the VM. I can see that in the Azure Monitoring. We are used to transfers up to 2GB once a night. None of the users (there's only two) has an explanation. Still we would like very much to know what exactly was transferred into our VM...

Any suggestions as to how I can find out what was transferred and/or what initiated the transfer?

The machine is running SSIS and SSRS. SSIS usually transfers about 2GB worth of data from production servers into Azure SQL. SSRS transfers about 200MB each night. Apart from that, the machine is doing essentially nothing.

Henrov

Posted 2013-10-15T07:52:56.733

Reputation: 168

@nixda Not relevant, it doesn't have anything to do with the issue here. – AStopher – 2014-06-03T08:29:18.900

Answers

2

Use Wireshark to capture the traffic (or a sample of it) and analyse it afterwards.

In principle, during the time when some network anomaly happens, you capture all traffic, and later you use Wireshark to investigate what was happening during that period. Successful analysis will eventually lead you to the IP address, port and protocol of the hosts that caused the heavy traffic.

Wireshark (earlier Ethereal) is a program that captures network traffic going out of/into your computer and stores it in a file. Later you can analyse the traffic (see the content of packets or do statistical analysis). Details of how to use Wireshark can be learned from its website: http://www.wireshark.org/about.html.

There are also alternatives to Wireshark (some are commercial).

maiklos

Posted 2013-10-15T07:52:56.733

Reputation: 118

More explanation of how to use Wireshark for this would make this a better answer. – ChrisF – 2013-10-19T11:00:54.977

I am familiar with Wireshark but as @chrisf points out: How? Would it cost me a lot of resources? (I assume that some process has to be running to collect the data) And it would not help me to see what happened before I start doing that, would it? – Henrov – 2013-10-25T08:15:22.690
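
One way to do the analysis step the answer above describes, as an added example that is not part of the original answer or comments: a pure-Python pass over a saved classic pcap file that totals bytes per source, destination, protocol and port pair, so the heaviest flow stands out. The function names, the sample addresses and the embedded capture are constructed for illustration; the totals use the original packet length stored in each record header, so a capture taken with a short snap length (headers only) still yields correct byte counts.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}

def top_talkers(pcap: bytes, n: int = 5):
    """Heaviest IPv4 flows in a classic pcap file, by bytes seen on the wire."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # skip non-IPv4 (no VLAN/IPv6 handling here)
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport = dport = 0
        if proto in PROTO and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        # wirelen is the original packet size, so header-only captures
        # (small snap length) still give correct byte totals.
        totals[(src, dst, PROTO.get(proto, str(proto)), sport, dport)] += wirelen
    return totals.most_common(n)

def _record(src, dst, proto, sport, dport, wirelen):
    """Constructed sample packet: headers only, payload truncated away."""
    hdr = (b"\x00" * 12 + b"\x08\x00"
           + struct.pack("!BBHHHBBH4s4s", 0x45, 0, wirelen - 14, 0, 0, 64,
                         proto, 0, bytes(src), bytes(dst))
           + struct.pack("!HH", sport, dport))
    return struct.pack("<IIII", 0, 0, len(hdr), wirelen) + hdr

# Constructed capture; addresses are documentation/private ranges, not real hosts.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    [_record((203, 0, 113, 10), (10, 0, 0, 4), 6, 443, 50123, 1514)] * 1200
    + [_record((198, 51, 100, 7), (10, 0, 0, 4), 6, 1433, 50200, 1514)] * 100
    + [_record((10, 0, 0, 4), (10, 0, 0, 1), 17, 53000, 53, 80)] * 3)

if __name__ == "__main__":
    for flow, nbytes in top_talkers(SAMPLE):
        print(flow, nbytes)
```

To run it on a real capture, read the saved file as bytes and pass it to `top_talkers`; the file must be in classic pcap format rather than pcapng.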