I noticed an unusual amount of network activity via Windows Task Manager and looked at Realtime Connections under Realtime Graphs.
I found GBs transferred to the IP/host below. The transferred amount was continually climbing while I was watching. I rebooted my router and about 15 seconds after reboot, it started transferring again. The local IP shown below is my work laptop, which I was on at the time. I had nothing running that should have been transferring anything.
Here's what I saw in Realtime Connections, minus the transferred counts:
IPV4 TCP 192.168.1.225:65238 126.96.36.199.nyc.electricfiber.net:443
I have a lot of other connections to the same domain with much smaller transfer stats, all from the same PC.
In the future, is there a way to quickly determine what is happening when I see large transfers of data? Also, is there any way to figure out just what I'm connected to?
- The server is an Outlook Web site
- The cert's subject CN is uicalaska.com
First, thank you for the speedy response. Would you please share how you figured that out?
From your post above.
- The port is 443/tcp, that's an HTTPS server
- I just browsed to https://188.8.131.52
- I then checked its cert:
I then used a domain (e.g. mail).
By the way, the other IP's cert is https://adcac.uicalaska.com/ ...but there's some odd HTTPS selection working - they may be behind a load balancer of some sort. This adcac host fails trying to reach
Thanks for the help. This traffic is from my own company. At least that makes me feel better.
iftop -i any
tcpdump -i any
openssl s_client -connect example.org:443
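
A scripted version of the certificate check described in this thread, built on the `openssl s_client` command above (an added example, not posted by anyone in the thread). The function names, the throwaway self-signed certificate and the `example.test` names are constructed for illustration; it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): list the names a TLS server's
# certificate claims, which is the check done by hand in a browser above.

# Fetch the certificate a server presents. The optional second argument is
# sent as SNI; a server may present a different certificate per name.
# Usage: server_cert HOST:PORT [SNI_NAME]
server_cert() {
    if [ -n "$2" ]; then
        openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1" </dev/null 2>/dev/null
    fi | openssl x509 2>/dev/null    # keep only the PEM certificate
}

# Read one PEM certificate on stdin; print "CN <name>" for the subject
# common name and "SAN <name>" for each DNS subjectAltName entry.
cert_names() {
    pem=$(cat)
    printf '%s\n' "$pem" |
        openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/^subject= *//p' | tr ',' '\n' | sed -n 's/^CN=/CN /p'
    printf '%s\n' "$pem" | openssl x509 -noout -text 2>/dev/null |
        grep -o 'DNS:[^, ]*' | sed 's/^DNS:/SAN /'
}

# Constructed sample input: a throwaway self-signed certificate, so the
# parsing can be tried without touching the network.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
        -subj '/O=Example/CN=mail.example.test' \
        -addext 'subjectAltName=DNS:mail.example.test,DNS:autodiscover.example.test' \
        2>/dev/null
}

# Offline demo on the constructed certificate.
make_sample_cert | cert_names
# Live use (192.0.2.10 is a placeholder address):
#   server_cert 192.0.2.10:443 | cert_names
```

Running `server_cert` once with the bare IP and once with a hostname as the second argument shows whether the server presents different certificates depending on the name requested.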