Here's the scenario: 1) 1 week ago, a session from 10.1.1.1 and 10.2.2.2 is established. Normally, data transfer is very low. 2) Within that session, 100GB of data is suddenly transferred one day between 6pm and 7pm, pegging the site's Internet bandwidth. 3) The data transfer becomes very low again after the burst. The session doesn't terminate until 1 week later. Observations: - If we look at ACC during that 1 hour burst, the traffic doesn't show up at all. - If we look at the session browser, all we see is total transferred bytes since the session was established. Question: - When we try to figure out what's using up the bandwidth in a particular time frame, how can we see bytes transferred and source/destination IPs for established sessions that remain active? (The Network Monitor is horribly inflexible and doesn't produce enough detail to be useful in our actual scenario)
... View more