Can not find source of extreme TX of data

[thabrock]

Today our network slowed down to a crawl (168 kbps down/ 130 kbps up). We usually average about 3.5 Mbps/768 kbps.

Did some tests with out service provider and it ends up that our server is broadcasting data constantly and is taking all the bandwidth.

Checked our Symantec Anti-Virus log and all looked good, checked for spyware and it checked out fine, checked the firewall on our Cisco 871W router and all was well, looked at the running processes and nothing was there that shouldn't be.

But I can see on the modem and the router that there is a constant stream of data flowing.

I am sort of a n00b and can't figure out how to track down the source of the data stream. We are not running any streaming video or audio services; I shut down all workstations except for the server itself.

Any help would be much appreciated.

 

[LawnBoy]

you could use WireShark (Ethereal) to sniff the traffic; this would tell you what the traffic is composed of but won't tell you what software is generating it. Besides you already know that it's coming from your server.

I assume it's a windows box, have you rebooted?

I would rescan with different virus and spyware checkers. Run several different ones on that server. If you still don't find the rogue process try using Process Explorer to examine what's running on the server (some programs can 'hide' from Task Manager, ProcExpl will show all).

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

Good luck.