I noticed an unusual amount of network activity via Windows Task Manager and looked at Realtime Connections under Realtime Graphs.

I found GBs transferred to IP/host below. The transferred amount was continually climbing while I was watching. I rebooted my router and about 15 seconds after reboot, it started transferring again. The local IP shown below is my work laptop, which I was on at the time. I had nothing running that should have been transferring anything.

Here's what I saw in Realtime Connections minus the transferred counts
IPV4 TCP 192.168.1.225:65238 67.208.170.158.nyc.electricfiber.net:443

I have a lot of other connections to the same domain with much smaller transfer stats, all from the same PC.
67.208.170.133.nyc.electricfiber.net:443
67.208.170.151.nyc.electricfiber.net:443

In the future is there a way to quickly determine what is happening when I see large transfers of data? Also, is there anyway to figure out just what I'm connected to?

• The server is an Outlook Web site
• The cert's subject CN is uicalaska.com

https://mail.uicalaska.com/

First, thank you for the speedy response. Would you please share how you figured that out?

Sure...

From your post above.

• The port is 443/tcp, that's an HTTPS server
• I just browsed to https://67.208.170.133
• I then checked it's cert:
  
  

  Screenshot from 2019-10-21 12-15-10.png527×626 32.8 KB

I then used a domain (e.g. mail).

By the way, the other IP's cert is https://adcac.uicalaska.com/ ...but there's some odd HTTPS selection working - they may be behind a load balancer of some sort. This adcac hosts fails trying to reach VDCLYNCEDGE01.uic.com.

Thanks for the help. This traffic is from my own company. At least that makes me feel better.

iftop -i any
tcpdump -i any
whois example.org
openssl s_client -connect example.org:443

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.