While a drive mapping ("net use") or other network connection will generate a little traffic between the client and the server from time, as either the client or server passes an authentication token or refresh, it shouldn't be a significant amount. Can you give me an idea of how much data is being transferred when you see these spikes?
If you have SAM, you can also open the realtime process explorer and/or the realtime service explorer to see which programs are using a large amount of CPU and/or RAM - a large file transfer *should* also have a program associated with it.
Even without SAM, you can do the same thing by opening Task Manager and seeing what's running at that time (make sure you check the "show processes from all users" option).
My gut says to check clients for virus, malware, trojans, etc. If that much data is being transferred, SOMETHING is happening on the box.
Amount of the traffic really depends on the time when issue is discovered, we don’t have anyone that constantly watching the monitoring system and we are involved when there is an issue or just noticed when we do/look for something else in Solarwinds.
According to my memory traffic was less than 3G etc.
I think a year ago when it happen it was 2,3G etc. and in the last 6 months happens two times. It was something 1,2G or 1,7 G; Something in this range.
Next time when it happen, I’ll have a look in processes list . Before I didn’t think that can be an issue and I was concentrating all my effort on the network side and “netstat” for on the PC for something suspicious etc.
1 of 1 people found this helpful
Well, I certainly don't recommend having someone watching the monitoring all the time, but you may consider putting together a weekly NetFlow report showing the top talkers, and have that report emailed to key staff.
If this is happening EXTREMELY intermittently (like once every few months) then it will definitely be more challenging to dig into and resolve.