Constant traffic on PPTP VPN Connection

Discussion in 'Microsoft Windows 2000 Networking' started by Guest, Jul 1, 2005.

  1. Guest

    Guest Guest

    I have several remote Windows 2000/XP Pro workstations that make "permanent"
    PPTP VPN connections to a VPN server in our office. All of these are
    configured the same way and "call" the same VPN server using PPTP.

    However one XP Pro machine has constant traffic on the VPN link. For example
    between 1AM and 1PM this machine has sent/received some 544MB over the VPN. I
    suspect that this is all overhead as the network usage in the XP Task Manager
    shows less than 1% traffic average on the VPN or the primary Internet
    connections. At our head office the primary router reports that some 17% of
    the T-1 was occupied during this period --- if we drop this VPN the T-1 usage
    drops to an average 4-5%.

    We have deleted and reconfigured the remote VPN several times and the result
    is always the same. The XP VPN is NOT configured to use the remote (head
    office) gateway --- only head office traffic flows over the VPN, all other
    uses the direct DSL connection. The remote is not cofigured to use head
    office WINS servers and does not dynamically update the head office DNS.

    Anyone have any idea why this machine exhibits this behavior and more
    important how do I get rid of it.
     
    Guest, Jul 1, 2005
    #1
    1. Advertisements

  2. If you haven't, do a malware scan on the machine. Then disable the computer browser service on it.

    After this, you have two ways to diagnose the problem: you can start killing processes and services until you find the culprit, or
    you can turn up netmon or Ethereal on the server to sniff the traffic and see what it is. 500MB is a lot more than just background
    noise from any system process that a workstation would be doing, unless you are running WUS or something that would be pushing a lot
    of updates.

    Steve Duff, MCSE, MVP
    Ergodic Systems, Inc.

    "John Steele" <> wrote in message news:...
    >I have several remote Windows 2000/XP Pro workstations that make "permanent"
    > PPTP VPN connections to a VPN server in our office. All of these are
    > configured the same way and "call" the same VPN server using PPTP.
    >
    > However one XP Pro machine has constant traffic on the VPN link. For example
    > between 1AM and 1PM this machine has sent/received some 544MB over the VPN. I
    > suspect that this is all overhead as the network usage in the XP Task Manager
    > shows less than 1% traffic average on the VPN or the primary Internet
    > connections. At our head office the primary router reports that some 17% of
    > the T-1 was occupied during this period --- if we drop this VPN the T-1 usage
    > drops to an average 4-5%.
    >
    > We have deleted and reconfigured the remote VPN several times and the result
    > is always the same. The XP VPN is NOT configured to use the remote (head
    > office) gateway --- only head office traffic flows over the VPN, all other
    > uses the direct DSL connection. The remote is not cofigured to use head
    > office WINS servers and does not dynamically update the head office DNS.
    >
    > Anyone have any idea why this machine exhibits this behavior and more
    > important how do I get rid of it.
     
    Steve Duff [MVP], Jul 1, 2005
    #2
    1. Advertisements

  3. Guest

    John Steele Guest

    Steve

    Thanks. We are not running anything that would be pushing data to the
    server, and certaily not at theat level. The other thing that is confusing
    is that it doesn't show up as network traffic in Task Manager and it only
    occurs when the VPN is up.

    I'll try the malware approach first and then I guess we'll have to go from
    there.

    John


    "Steve Duff [MVP]" <> wrote in message
    news:%...
    > If you haven't, do a malware scan on the machine. Then disable the
    > computer browser service on it.
    >
    > After this, you have two ways to diagnose the problem: you can start
    > killing processes and services until you find the culprit, or you can turn
    > up netmon or Ethereal on the server to sniff the traffic and see what it
    > is. 500MB is a lot more than just background noise from any system process
    > that a workstation would be doing, unless you are running WUS or something
    > that would be pushing a lot of updates.
    >
    > Steve Duff, MCSE, MVP
    > Ergodic Systems, Inc.
    >
    > "John Steele" <> wrote in message
    > news:...
    >>I have several remote Windows 2000/XP Pro workstations that make
    >>"permanent"
    >> PPTP VPN connections to a VPN server in our office. All of these are
    >> configured the same way and "call" the same VPN server using PPTP.
    >>
    >> However one XP Pro machine has constant traffic on the VPN link. For
    >> example
    >> between 1AM and 1PM this machine has sent/received some 544MB over the
    >> VPN. I
    >> suspect that this is all overhead as the network usage in the XP Task
    >> Manager
    >> shows less than 1% traffic average on the VPN or the primary Internet
    >> connections. At our head office the primary router reports that some 17%
    >> of
    >> the T-1 was occupied during this period --- if we drop this VPN the T-1
    >> usage
    >> drops to an average 4-5%.
    >>
    >> We have deleted and reconfigured the remote VPN several times and the
    >> result
    >> is always the same. The XP VPN is NOT configured to use the remote (head
    >> office) gateway --- only head office traffic flows over the VPN, all
    >> other
    >> uses the direct DSL connection. The remote is not cofigured to use head
    >> office WINS servers and does not dynamically update the head office DNS.
    >>
    >> Anyone have any idea why this machine exhibits this behavior and more
    >> important how do I get rid of it.

    >
    >
     
    John Steele, Jul 2, 2005
    #3
  4. Guest

    John Steele Guest

    Thanks.

    Well, I found it. It was the Windows Time Service! I disabled this and the
    problem simply stopped.




    "John Steele" <> wrote in message
    news:42c6d012$0$37130$...
    > Steve
    >
    > Thanks. We are not running anything that would be pushing data to the
    > server, and certaily not at theat level. The other thing that is
    > confusing is that it doesn't show up as network traffic in Task Manager
    > and it only occurs when the VPN is up.
    >
    > I'll try the malware approach first and then I guess we'll have to go from
    > there.
    >
    > John
    >
    >
    > "Steve Duff [MVP]" <> wrote in message
    > news:%...
    >> If you haven't, do a malware scan on the machine. Then disable the
    >> computer browser service on it.
    >>
    >> After this, you have two ways to diagnose the problem: you can start
    >> killing processes and services until you find the culprit, or you can
    >> turn up netmon or Ethereal on the server to sniff the traffic and see
    >> what it is. 500MB is a lot more than just background noise from any
    >> system process that a workstation would be doing, unless you are running
    >> WUS or something that would be pushing a lot of updates.
    >>
    >> Steve Duff, MCSE, MVP
    >> Ergodic Systems, Inc.
    >>
    >> "John Steele" <> wrote in message
    >> news:...
    >>>I have several remote Windows 2000/XP Pro workstations that make
    >>>"permanent"
    >>> PPTP VPN connections to a VPN server in our office. All of these are
    >>> configured the same way and "call" the same VPN server using PPTP.
    >>>
    >>> However one XP Pro machine has constant traffic on the VPN link. For
    >>> example
    >>> between 1AM and 1PM this machine has sent/received some 544MB over the
    >>> VPN. I
    >>> suspect that this is all overhead as the network usage in the XP Task
    >>> Manager
    >>> shows less than 1% traffic average on the VPN or the primary Internet
    >>> connections. At our head office the primary router reports that some 17%
    >>> of
    >>> the T-1 was occupied during this period --- if we drop this VPN the T-1
    >>> usage
    >>> drops to an average 4-5%.
    >>>
    >>> We have deleted and reconfigured the remote VPN several times and the
    >>> result
    >>> is always the same. The XP VPN is NOT configured to use the remote (head
    >>> office) gateway --- only head office traffic flows over the VPN, all
    >>> other
    >>> uses the direct DSL connection. The remote is not cofigured to use head
    >>> office WINS servers and does not dynamically update the head office DNS.
    >>>
    >>> Anyone have any idea why this machine exhibits this behavior and more
    >>> important how do I get rid of it.

    >>
    >>

    >
    >
     
    John Steele, Jul 2, 2005
    #4
  5. It is supposed to be running.

    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
    http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp
    -----------------------------------------------------


    "John Steele" <> wrote in message
    news:42c6d9f7$0$37159$...
    > Thanks.
    >
    > Well, I found it. It was the Windows Time Service! I disabled this and the
    > problem simply stopped.
    >
    >
    >
    >
    > "John Steele" <> wrote in message
    > news:42c6d012$0$37130$...
    > > Steve
    > >
    > > Thanks. We are not running anything that would be pushing data to the
    > > server, and certaily not at theat level. The other thing that is
    > > confusing is that it doesn't show up as network traffic in Task Manager
    > > and it only occurs when the VPN is up.
    > >
    > > I'll try the malware approach first and then I guess we'll have to go

    from
    > > there.
    > >
    > > John
    > >
    > >
    > > "Steve Duff [MVP]" <> wrote in message
    > > news:%...
    > >> If you haven't, do a malware scan on the machine. Then disable the
    > >> computer browser service on it.
    > >>
    > >> After this, you have two ways to diagnose the problem: you can start
    > >> killing processes and services until you find the culprit, or you can
    > >> turn up netmon or Ethereal on the server to sniff the traffic and see
    > >> what it is. 500MB is a lot more than just background noise from any
    > >> system process that a workstation would be doing, unless you are

    running
    > >> WUS or something that would be pushing a lot of updates.
    > >>
    > >> Steve Duff, MCSE, MVP
    > >> Ergodic Systems, Inc.
    > >>
    > >> "John Steele" <> wrote in message
    > >> news:...
    > >>>I have several remote Windows 2000/XP Pro workstations that make
    > >>>"permanent"
    > >>> PPTP VPN connections to a VPN server in our office. All of these are
    > >>> configured the same way and "call" the same VPN server using PPTP.
    > >>>
    > >>> However one XP Pro machine has constant traffic on the VPN link. For
    > >>> example
    > >>> between 1AM and 1PM this machine has sent/received some 544MB over the
    > >>> VPN. I
    > >>> suspect that this is all overhead as the network usage in the XP Task
    > >>> Manager
    > >>> shows less than 1% traffic average on the VPN or the primary Internet
    > >>> connections. At our head office the primary router reports that some

    17%
    > >>> of
    > >>> the T-1 was occupied during this period --- if we drop this VPN the

    T-1
    > >>> usage
    > >>> drops to an average 4-5%.
    > >>>
    > >>> We have deleted and reconfigured the remote VPN several times and the
    > >>> result
    > >>> is always the same. The XP VPN is NOT configured to use the remote

    (head
    > >>> office) gateway --- only head office traffic flows over the VPN, all
    > >>> other
    > >>> uses the direct DSL connection. The remote is not cofigured to use

    head
    > >>> office WINS servers and does not dynamically update the head office

    DNS.
    > >>>
    > >>> Anyone have any idea why this machine exhibits this behavior and more
    > >>> important how do I get rid of it.
    > >>
    > >>

    > >
    > >

    >
    >
     
    Phillip Windell, Jul 5, 2005
    #5
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anthony

    How do I setup a VPN (PPTP) connection to use braodband

    Anthony, Nov 13, 2003, in forum: Microsoft Windows 2000 Networking
    Replies:
    1
    Views:
    137
    Doug Sherman [MVP]
    Nov 14, 2003
  2. Manish

    Creating VPN connection (PPTP/L2TP) in WIN2k

    Manish, Nov 24, 2003, in forum: Microsoft Windows 2000 Networking
    Replies:
    0
    Views:
    159
    Manish
    Nov 24, 2003
  3. assi

    Traffic Issues with PPTP

    assi, Jul 3, 2005, in forum: Microsoft Windows 2000 Networking
    Replies:
    0
    Views:
    162
  4. mlick2

    PPTP VPN through a IPSEC VPN

    mlick2, Oct 19, 2005, in forum: Microsoft Windows 2000 Networking
    Replies:
    4
    Views:
    1,489
    Phillip Windell
    Oct 20, 2005
  5. Windows PPTP VPN Connection keeps dying

    , Oct 21, 2005, in forum: Microsoft Windows 2000 Networking
    Replies:
    0
    Views:
    182
Loading...

Share This Page