The traffic statistics in the web interface show abnormal traffic between 2:30 and 4:30.

Issue Description

Picture 1. Symptom: traffic is especially heavy in the early hours, at about three o'clock.
Network:
The Shenzhen and Beijing sites each have one USG2160. Shenzhen accesses the public network through a 4M ADSL dial-up line from the telecommunication carrier, and Beijing accesses the public network through an ADSL dial-up line from the network communication carrier. Both sites use the USG2160 as the gateway, which connects to a switch and PCs.
Beijing needs to access the server in Shenzhen, so an IPSec VPN is established between the sites. Because the addresses are obtained dynamically, the customer purchased the Peanut Shell dynamic domain name service. Both sites install it and update their addresses dynamically.
Does the traffic exceed the user's bandwidth? How is the abnormal traffic produced, and what kind of traffic could it be?
Alarm Information
Handling Process
Troubleshooting steps:
1. Total the traffic using the traffic statistics provided by the user; it does not exceed 4M.
2. Analyse the abnormal traffic by capturing packets.
Root Cause
Possible causes of the abnormal traffic:
1. Data on the internal network servers needs to be backed up. The data backup policy starts in the early hours at about 2:30, so it can produce the traffic.
2. The antivirus database on internal network user computers or servers needs to be upgraded.
3. A virus or trojan on the internal network produces the traffic.
4. Many internal network users install and use P2P software or plug-ins.
Analysis of the packet capture statistics shows that the abnormal traffic is caused by antivirus database upgrades and plug-ins.
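The two handling steps above (checking the volume against the 4M line, then breaking the capture down by source) can be scripted as follows. This is an added example, not part of the original case: the flow records, addresses and field layout are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample: per-flow summaries as they might be exported from a capture
# (start time, internal host, remote host, remote port, bytes). Not from the case.
SAMPLE_FLOWS = """\
2024-01-10 01:55:00,192.168.1.20,203.0.113.10,443,1200000
2024-01-10 02:35:00,192.168.1.20,198.51.100.5,80,310000000
2024-01-10 02:50:00,192.168.1.31,198.51.100.5,80,280000000
2024-01-10 03:10:00,192.168.1.44,203.0.113.77,6881,95000000
2024-01-10 03:40:00,192.168.1.31,198.51.100.5,80,150000000
2024-01-10 05:10:00,192.168.1.20,203.0.113.10,443,900000
"""

WINDOW_START, WINDOW_END = time(2, 30), time(4, 30)  # window reported in the case
WINDOW_SECONDS = 2 * 3600
LINK_MBPS = 4.0  # 4M ADSL line on the Shenzhen side

def parse_flows(text):
    """Yield (timestamp, internal host, remote host, remote port, bytes) per record."""
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst, int(port), int(nbytes)

def summarize_window(text):
    """Return (total bytes, average Mbit/s, ranked talkers) for flows in the window."""
    by_pair = defaultdict(int)
    for ts, src, dst, port, nbytes in parse_flows(text):
        if WINDOW_START <= ts.time() < WINDOW_END:
            by_pair[(src, dst, port)] += nbytes
    total = sum(by_pair.values())
    avg_mbps = total * 8 / WINDOW_SECONDS / 1e6
    ranked = sorted(by_pair.items(), key=lambda kv: kv[1], reverse=True)
    return total, avg_mbps, ranked

if __name__ == "__main__":
    total, avg_mbps, ranked = summarize_window(SAMPLE_FLOWS)
    verdict = "over" if avg_mbps > LINK_MBPS else "within"
    print(f"window total {total} bytes, average {avg_mbps:.2f} Mbit/s ({verdict} {LINK_MBPS}M)")
    for (src, dst, port), nbytes in ranked:
        print(f"{src} -> {dst}:{port}  {nbytes} bytes  {100 * nbytes / total:.1f}%")
```

The ranked list shows which internal hosts and remote endpoints account for the window's volume, which is the evidence needed to tell backup, antivirus updates, malware and P2P apart.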