Constant traffic on PPTP VPN Connection

G

Guest

I have several remote Windows 2000/XP Pro workstations that make "permanent"
PPTP VPN connections to a VPN server in our office. All of these are
configured the same way and "call" the same VPN server using PPTP.

However one XP Pro machine has constant traffic on the VPN link. For example
between 1AM and 1PM this machine has sent/received some 544MB over the VPN. I
suspect that this is all overhead as the network usage in the XP Task Manager
shows less than 1% traffic average on the VPN or the primary Internet
connections. At our head office the primary router reports that some 17% of
the T-1 was occupied during this period --- if we drop this VPN the T-1 usage
drops to an average 4-5%.

We have deleted and reconfigured the remote VPN several times and the result
is always the same. The XP VPN is NOT configured to use the remote (head
office) gateway --- only head office traffic flows over the VPN, all other
uses the direct DSL connection. The remote is not cofigured to use head
office WINS servers and does not dynamically update the head office DNS.

Anyone have any idea why this machine exhibits this behavior and more
important how do I get rid of it.
 
S

Steve Duff [MVP]

If you haven't, do a malware scan on the machine. Then disable the computer browser service on it.

After this, you have two ways to diagnose the problem: you can start killing processes and services until you find the culprit, or
you can turn up netmon or Ethereal on the server to sniff the traffic and see what it is. 500MB is a lot more than just background
noise from any system process that a workstation would be doing, unless you are running WUS or something that would be pushing a lot
of updates.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
 
J

John Steele

Steve

Thanks. We are not running anything that would be pushing data to the
server, and certaily not at theat level. The other thing that is confusing
is that it doesn't show up as network traffic in Task Manager and it only
occurs when the VPN is up.

I'll try the malware approach first and then I guess we'll have to go from
there.

John
 
J

John Steele

Thanks.

Well, I found it. It was the Windows Time Service! I disabled this and the
problem simply stopped.
 
P

Phillip Windell

It is supposed to be running.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

PPTP VPN through a IPSEC VPN 4
netgear routers allow max of 1 to 4 pptp passthroughs ! 1
Can't map driver on VPN through win2k server 5
Site-to-Site VPN via Win2K Server 1
PPTP VPN Connection fails to register 13
LAN-to-Web traffic uses customer's VPN connection 3
Browsing resources on VPN client machine 2
vpn 1

Top