
Monitor and analyse traffic of a specific client

Hi all,

We are facing some connection issues with our Outlook users. Sometimes they can connect to the local Exchange server and sometimes they can't.

When the problem occurs it seems to me that Outlook is trying to connect to an Exchange server outside of our LAN. Like Office 365 or something.

Is there a way to exactly analyze with our UTM (SG210) which connections the clients are trying to establish?

In other words: I want to see which external http(s) addresses the client 192.168.0.100 is trying to connect to.

Thanks in advance for your support!

Greetings Aktuator



  • You may use the firewall live log with the following filter: 192.168.0.100.*443

    So you only see HTTPS traffic for this one client.

    Or download the complete firewall log file and check it.

    If you use WebFilter, you have to check this file too.

    Another option is to capture all traffic from this client with Wireshark directly at the UTM.

    At the client there are some options too.

    First, the Outlook status icon as explained by Alexander.

    Also, TCPView from Sysinternals is useful.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
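
For the "download the complete firewall log file" route in the answer above, the following is an added example and not part of the original post or of any Sophos tooling. It summarises which hosts outside the LAN one client contacted on ports 80/443, and compares the result with the plain live-log filter. The key="value" field names, the 192.168.0.0/24 LAN range and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): the LAN is 192.168.0.0/24 and log lines carry
# key="value" fields named srcip, dstip, dstport, action. Sample lines are constructed.
LAN = ipaddress.ip_network("192.168.0.0/24")
SAMPLE_LOG = """\
2024:01:15-09:12:01 utm ulogd[4711]: sub="packetfilter" action="accept" srcip="192.168.0.100" dstip="203.0.113.10" srcport="51234" dstport="443"
2024:01:15-09:12:05 utm ulogd[4711]: sub="packetfilter" action="accept" srcip="192.168.0.100" dstip="203.0.113.10" srcport="51240" dstport="443"
2024:01:15-09:12:09 utm ulogd[4711]: sub="packetfilter" action="drop" srcip="192.168.0.100" dstip="198.51.100.7" srcport="51301" dstport="443"
2024:01:15-09:12:11 utm ulogd[4711]: sub="packetfilter" action="accept" srcip="192.168.0.100" dstip="192.168.0.10" srcport="51310" dstport="443"
2024:01:15-09:12:14 utm ulogd[4711]: sub="packetfilter" action="accept" srcip="192.168.0.100" dstip="198.51.100.25" srcport="44312" dstport="25"
2024:01:15-09:12:20 utm ulogd[4711]: sub="packetfilter" action="accept" srcip="192.168.0.55" dstip="203.0.113.10" srcport="50000" dstport="443"
"""
FIELD = re.compile(r'(\w+)="([^"]*)"')


def external_destinations(log_text, client_ip, ports=("80", "443")):
    """Count (dstip, dstport, action) for connections client_ip opened to hosts outside LAN."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Compare whole fields, so 443 inside a source port or another IP never matches.
        if f.get("srcip") != client_ip or f.get("dstport") not in ports:
            continue
        try:
            if ipaddress.ip_address(f.get("dstip", "")) in LAN:
                continue  # internal target, e.g. the local Exchange server
        except ValueError:
            continue  # malformed or missing destination field
        hits[(f["dstip"], f["dstport"], f.get("action", "?"))] += 1
    return hits


def live_log_filter(log_text, pattern=r"192.168.0.100.*443"):
    """Lines matched by the live-log filter expression, treated as a regex, for comparison."""
    return [line for line in log_text.splitlines() if re.search(pattern, line)]


if __name__ == "__main__":
    found = external_destinations(SAMPLE_LOG, "192.168.0.100")
    for (ip, port, action), n in found.most_common():
        print(f"{n:3d}  {ip}:{port}  {action}")
    print(len(live_log_filter(SAMPLE_LOG)), "lines match the plain filter")
```

On the constructed sample, the plain filter also shows the internal Exchange connection and the port 25 line whose source port happens to contain 443, while the field-based summary lists only the two external HTTPS destinations.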
