Constant traffic on PPTP VPN Connection

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have several remote Windows 2000/XP Pro workstations that make "permanent"
PPTP VPN connections to a VPN server in our office. All of these are
configured the same way and "call" the same VPN server using PPTP.

However one XP Pro machine has constant traffic on the VPN link. For example
between 1AM and 1PM this machine has sent/received some 544MB over the VPN. I
suspect that this is all overhead as the network usage in the XP Task Manager
shows less than 1% traffic average on the VPN or the primary Internet
connections. At our head office the primary router reports that some 17% of
the T-1 was occupied during this period --- if we drop this VPN the T-1 usage
drops to an average 4-5%.

We have deleted and reconfigured the remote VPN several times and the result
is always the same. The XP VPN is NOT configured to use the remote (head
office) gateway --- only head office traffic flows over the VPN, all other
uses the direct DSL connection. The remote is not cofigured to use head
office WINS servers and does not dynamically update the head office DNS.

Anyone have any idea why this machine exhibits this behavior and more
important how do I get rid of it.
 
If you haven't, do a malware scan on the machine. Then disable the computer browser service on it.

After this, you have two ways to diagnose the problem: you can start killing processes and services until you find the culprit, or
you can turn up netmon or Ethereal on the server to sniff the traffic and see what it is. 500MB is a lot more than just background
noise from any system process that a workstation would be doing, unless you are running WUS or something that would be pushing a lot
of updates.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
 
Steve

Thanks. We are not running anything that would be pushing data to the
server, and certaily not at theat level. The other thing that is confusing
is that it doesn't show up as network traffic in Task Manager and it only
occurs when the VPN is up.

I'll try the malware approach first and then I guess we'll have to go from
there.

John
 
Thanks.

Well, I found it. It was the Windows Time Service! I disabled this and the
problem simply stopped.
 
It is supposed to be running.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
 
Back
Top