Server 2003 IP Traffic Logs

[NaughtyGeek]

So, I had a huge spike in network traffic last Friday that lasted nearly an hour and don't know where the hell it came from. I was at 40% network utilization with a teamed pair of 100 mbps nics so 80 mbps sustained traffic. Obviously this is too much to be coming over a broadband connection so I guess the Chinese are out, but I'm trying to figure out if a particular system on my LAN was the culprit. I've combed through all the logs I could find and done extensive googling but have yet to find any logs that show IP connections/activity at the time in question. Does such a log exist in Server 2003 by default or do I need to be running a special utility to capture this kind of info? This is not a web server so the web logs are useless. It's a DC which also serves as a print server and file server. Any help is greatly appreciated as for right now I don't have a good reason for the anomaly.

 

[ViviTheMage]

You were pushing 80mbps to the internet?

 

[jlazzaro]

doubtful any server logs would provided information as to the exact cause/culprit. running something like NetFlow on your switches would provide that information immediately, or try a packet capture on the server if its happens again.

 

[NaughtyGeek]

You were pushing 80mbps to the internet?

No, not to the internet, to/from my server on the LAN. I wish I had an internet pipe that could handle that kind of traffic. ;-)

 

[yinan]

That really isnt that much traffic. As far as logging all that traffic if Windows or any OS did that it would use a tremendous amount of space because networks tend to be very chatty.