I need to monitor each network client's bandwidth usage. What software is recommended?

We have wireless internet here @ the office and it started out having T1 speeds, but as our clients here discovered they can now get smooth live streaming audio/video, our bandwidth is being chewed up.  The office personnel knows I don't like this, but I can tell it's still going on....I just can't catch them.  Is there a way for me to monitor which client machine is taking a majority of the bandwidth?  Any recommended software?  Free software is even better ;-)

I have a Netgear router hooked in to a Cisco 2950 switch (just FYI)

Many thanks!
Rick aka BeerAngel
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Take a look at this product that is installed on the workstations..

Else, you can look at something like NTOP that is passive and will point out your users in a second.

Else, setup a Proxy server and force all Internet traffic to go through the proxy..

More information:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hi BeerAngel,
As lrmoore said something like ntop would work well. You can also run Ethereal (http://www.ethereal.com/) which is a free network analyser which will do a similar job but you can also go very indepth to see what ports and traffic each client is using.

For either of these you will need to configure the switch to span the port the netgear is connected to so that the monitoring machine sees all the traffic.
You have several options depending on the environment:

1.  Sniff packets and display what is found.  
1.a. If you have a MAC laying around with OSX, there is a nifty program out there called EtherPeg which will put back together image files that are flying around your network and display them on the screen in no particular order.  Sometimes you can place this on a monitor in the middle of the office.  The idea is much like Orwell's Big Brother:  'we're watching, so don't surf where you shouldn't.'
1.b.  A commercial software can do something similar and probably give a lot more information than EtherPeg.  Wildpackets.com makes something called EtherPeek.  I've not used it myself, but it seems to go that extra mile that Ethereal doesn't--reconstructing the TCP stream into something you can actually understand.

2.  Log Internet usage.
2.a.  Ethereal can capture packets and graph some results, but if you have a linux box, ntop may be what you really want.  It has a nice HTTP interface that logs host activity.
2.b.  Will your firewall give up the info?  Check your firewall, many times you have access to more flexibility than you think and your firewall can help you log Internet usage.

3.  Who's doing what with your network?
3.a.  When was the last time you scanned your own network for open ports?  Is someone running an FTP server that you don't know about?  Is someone using PCAnywhere to get Internet access from home?  How many people are running Kazaa?  A complete security audit should help.
3.b.  Turn if off and see who whines.  If you see a flood of traffic at your gateway that looks suspicious, shut it down.  If someone whines about it you can ask the right questions and determine if it's legit or not.  

4.  Surprise inspection.
4.a.  Again with the 'we're watching you' stuff.  Announce in a formal memo that all company property must have its passwords logged with IT via email with a specific header (so you can organize them) and all company PCs are subject to a security audit (whether or not you actually perform them and how often is entirely up to you).  Not only does it help with "I forgot my password" syndrome, but you might be surprised yourself with what you find in the audits.  You can use some special software like EVEREST or do it manually but the reigns will be tighter.

If a client password changed and you can't access it, swap the drive with a new one and a clean build.  If something is on there of vital importance it can always be restored, but until then, only authorized applications and authorized uses will be allowed on clients.  Chances are that after you mount that drive you'll find what they were hiding.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.