My system is showing unusually high and increasing concurrent connections, despite low traffic. See attached screenshot.
How can I identify and block that traffic?
I prefer to use iftop for real time traffic. The options listed below (above?) can be a bit delayed. You will have to log into the console to run it. Press "?" for more options when running.
If you want ipv6 support, iftop will need to be updated (not supported). See this thread for more info. I used option 2 to update mine.
community.sophos.com/.../iftop-for-ipv6
Note, iftop shows connections and throughput speed for that client/host. The numbers are aggregated, whether it's a single connection or dozens.
It might also be helpful to go to logging, network usage, bandwidth usage. Then sort by "Conn" in descending order.
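Because iftop aggregates throughput per host, it does not show how many connections each client holds. The following is an added example, not part of the original post: a per-source connection count, sorted descending like the "Conn" column. It assumes the console is a Linux shell that exposes the netfilter connection-tracking table at /proc/net/nf_conntrack (not confirmed in the thread); the function names and sample lines are constructed.

```shell
#!/bin/sh
# Count tracked connections per originating host from conntrack-style lines
# on stdin. Only the first src= field of a line is used: it belongs to the
# original direction, the second src= belongs to the reply tuple.
conn_per_source() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) {
                count[substr($i, 5)]++
                break
            }
        }
    }
    END {
        for (ip in count) printf "%d %s\n", count[ip], ip
    }' | sort -k1,1nr -k2,2
}

# Print only the hosts holding at least $1 tracked connections (default 100).
sources_over() {
    conn_per_source | awk -v min="${1:-100}" '$1 >= min { print $2 }'
}

# Constructed sample in /proc/net/nf_conntrack format (not data from the thread).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=40001 dport=443 src=203.0.113.10 dst=192.168.1.50 sport=443 dport=40001 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.50 dst=203.0.113.11 sport=40002 dport=443 src=203.0.113.11 dst=192.168.1.50 sport=443 dport=40002 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.50 dst=198.51.100.7 sport=5353 dport=53 [UNREPLIED] src=198.51.100.7 dst=192.168.1.50 sport=53 dport=5353 mark=0 use=2
ipv4     2 tcp      6 100 TIME_WAIT src=192.168.1.20 dst=203.0.113.10 sport=51000 dport=80 src=203.0.113.10 dst=192.168.1.20 sport=80 dport=51000 [ASSURED] mark=0 use=2
ipv6     10 tcp      6 431000 ESTABLISHED src=2001:db8::5 dst=2001:db8:1::10 sport=42000 dport=443 src=2001:db8:1::10 dst=2001:db8::5 sport=443 dport=42000 [ASSURED] mark=0 use=2
EOF
}

# Demo on the constructed sample. On a live system (assumption, see above):
#   conn_per_source < /proc/net/nf_conntrack | head -n 20
sample_conntrack | conn_per_source
```

A host that tops this list while showing little throughput in iftop is holding many idle or short-lived connections, which matches the symptom in the question.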
That's odd. Are you getting any IPS alerts? What did you increase to stop the connections?
Something you can also do is go to Logging & Reporting and create an Executive Report for the last week or month, which will list all your top clients/servers/applications and more, and tell you which users have been using the most bandwidth and what services.