What is traffic to server doing?

asked 2020-07-23 14:41:34 +0000

Hello All,

Does someone want to help me interpret a pcap file to tell me what some traffic is doing?

I notice a connection through my router connecting to one of my servers using a lot of bandwidth. I can't find anything in any Windows or application logs on the server that references the sending server's IP address. The data is sent on port 443, so I suspect it's sending to the web site, but again, it doesn't seem to be doing anything with IIS. It doesn't appear that the remote server belongs to one of our customers, so I am investigating. I did a pcap capture and pulled it up in Wireshark, and the connection shows the connection, but I am a little lost at how to figure it out from here.

Anyone interested in helping me solve this mystery?



I would have a look. You can upload your capture here

JasMan ( 2020-07-23 18:53:38 +0000 )