This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

Windows 10 Is Already Using Up Your Bandwidth

Windows 10 Upgrade

Windows 10 Downloads

A lot of people out there are looking forward to upgrading to Windows 10 and in less than 24 hours, Microsoft will start upgrading Windows 7 and Windows 8 machines to Windows 10. The release is scheduled for 12AM ET on July 29th (9PM PST on July 28th).

If you are responsible for the management of a network you should be aware that the software updates download in advance. Microsoft want to speed up the process by pre-loading the final version of Windows 10 on PCs eligible for the upgrade.

If you notice Internet connectivity slowdowns or if you are concerned about bandwidth use, you may see connections like the following on your Internet gateway. There are many ways to capture this information including logs, flow data and deep packet inspection.

Windows 10 upgrade IP addresses

One thing to watch out for if you are using logs or flow data is that reverse lookups of the IP addresses may be misleading. I noticed the IP addresses above using up a lot of bandwidth on my network. A reverse lookup using my favorite security lookup site ( reported that the IP address is registered to Eircom which at first seems strange. Further analysis of the IP address and DNS traffic also shows it to be associated with which is a content delivery network (CDN).

Content delivery network

What you need to do is look inside the network packets associated with this activity. The HTTP headers will reveal what is actually happening. Many organizations now use content delivery networks to distribute content like software. For the consumer this means fast and reliable downloads but it also means that the network traffic coming into your network is arriving from a third party. In my case the third party is Eircom who in turn host services for Akamai and Microsoft uses them to distribute content.

When the network packets are analyzed by a deep packet inspection engine we can see that the downloads are from Windows update and that they are associated with the Windows 10 upgrade. I saw over 1GB of downloads in less than 1 hour for a single client. Quick glance at the screenshot below shows some of the downloads and the level of detail that can be captured from network packets.

HTTP Header Analysis

I for one am looking forward to upgrading to Windows 10. My own experiences with Windows 8 were not good and I got rid of it after 1 month. Windows 7 has served me well but there is enough in 10 to convince me to upgrade. If you are responsible for the management of a network, watch out for heavy bandwidth use in the coming weeks which may be associated with this upgrade process. Ideally you should use a monitoring tool which can look inside HTTP headers so you can see exactly what is happening.

Darragh Delaney