What is traffic to server doing?

Hello All,

Does someone want to help me interpret a pcap file to tell me what some traffic is doing?

I notice a connection through my router connecting to one of my servers using a lot of bandwidth. I can't find anything in any Windows or application logs on the server that references the sending server's IP address. The data is sent on port 443, so I suspect it's sending to the web site, but again, it doesn't seem to be doing anything with IIS. It doesn't appear that the remote server belongs to one of our customers, so I am investigating. I did a pcap capture and pulled it up in Wireshark, and the connection shows the connection, but I am a little lost at how to figure it out from here.

Anyone interested in helping me solve this mystery?

Thanks,

Ken

Ken
asked 2020-07-23 14:41:34 +0000

Comments

I would have a look. You can upload your capture here

JasMan (2020-07-23 18:53:38 +0000)