Hello i´ve been noticied a big use of outbound data from monitored servers. One in case run a simple webserver(webspeed) without connections and i could monitor it in focus.

The use of link it´s big only for monitored machines. as you can see on below.

#	Src IP	Src Port	Dst IP	Dst Port	Protocol	Src Iface	Dst Iface	Flow Type	IPS Category	Expiry (sec)	Tx Bytes	Rx Bytes	Tx Pkts	Rx Pkts	Flush
1	10.0.1.41	8289	69.191.244.221	8292	TCP	X0	X1		N/A	899	17738287	101042490	328617	565791
2	10.0.0.163	5060	172.30.1.106	5060	UDP	X0	X1	SIP Control	N/A	29	16372793	0	44559	0
3	10.0.0.15	54061	69.65.50.4	443	TCP	X0	X1	HTTPS	N/A	896	13574159	12279588	23854	33905
4	10.0.0.23	52034	69.65.50.5	443	TCP	X0	X1	HTTPS	N/A	897	9888907	7991923	32918	32225
5	10.0.0.17	4705	69.65.50.4	443	TCP	X0	X1	HTTPS	N/A	894	6808214	6131252	14136	16866
6	10.0.0.30	51211	69.65.50.6	443	TCP	X0	X1	HTTPS	N/A	895	5936065	5331351	10444	14720
7	10.0.0.18	61546	69.65.50.4	443	TCP	X0	X1	HTTPS	N/A	896	4415782	3983527	7784	11014

the servers of line 3,4,5,6,7 and another with i reset the service was been there too.

looking for conexion IP(69.65.50.4 , 5, 6 ) it´s from servernap.net.

Based on this, what is this?
What data the servers are sending that use all of my link?
Someone can explain me?

Thanks

Hi Otavio,

The traffic seems low: 17738287 bytes (17.73MB), what values did you expect?

Chris