Hi,
we have a virtual server that is our Terminal server and some of our customers accessing it with RDP, laatly I can see alot of data traffice when one of the custmoers accessing this server .I did contect that user and asked him if he is downloading or coping files, and he was not do anuthing that would genrate that much traffice.
I would like to know if I can use wireshark to findout what exactlly genrating this data traffice? and how can I do that?
Thanks
Hi Shanin,
The easiest would probably be if you install Wireshark on that Terminal Server, and use it to analyze traffic.
The people at How-ToGeek have written a good How-To which you can follow 
Hi Evert,
Thank you for your replay.
I will look in to the link that you send and see if it can help me or not.
Thank you again.
Hi Evert,
we did capture a package when there was a high data usage, and from there we can see the only protocol from the customer IP to our Terminal server is TCP and TPKT.
question is,
How can we find out what kind of data has been send and recieve between the client and the server?
Any idea?
Thanks
For that you’ll have to install Wireshark either on the physical host of the virtual Terminal Server, or on a machine somewhere in between the Terminal Server and the client…
I already did a capture on the virtual terminal server and the only packages that I can see between the host that cause the high network usage and Terminal server is TCP and TPKT.
question is how can we find out what exacly cause the high usage.