I need to monitor each network client's bandwidth usage.  What software is recommended?

Posted on 2004-11-03
Last Modified: 2010-03-17
We have wireless internet here @ the office and it started out having T1 speeds, but as our clients here discovered they can now get smooth live streaming audio/video, our bandwidth is being chewed up.  The office personnel knows I don't like this, but I can tell it's still going on....I just can't catch them.  Is there a way for me to monitor which client machine is taking a majority of the bandwidth?  Any recommended software?  Free software is even better ;-)

I have a Netgear router hooked in to a Cisco 2950 switch (just FYI)

Many thanks!
Rick aka BeerAngel
Question by:BeerAngel
    LVL 79

    Accepted Solution

    Take a look at this product that is installed on the workstations..

    Else, you can look at something like NTOP that is passive and will point out your users in a second.

    Else, setup a Proxy server and force all Internet traffic to go through the proxy..

    More information:
    LVL 36

    Assisted Solution

    Hi BeerAngel,
    As lrmoore said something like ntop would work well. You can also run Ethereal ( which is a free network analyser which will do a similar job but you can also go very indepth to see what ports and traffic each client is using.

    For either of these you will need to configure the switch to span the port the netgear is connected to so that the monitoring machine sees all the traffic.
    LVL 5

    Assisted Solution

    You have several options depending on the environment:

    1.  Sniff packets and display what is found.  
    1.a. If you have a MAC laying around with OSX, there is a nifty program out there called EtherPeg which will put back together image files that are flying around your network and display them on the screen in no particular order.  Sometimes you can place this on a monitor in the middle of the office.  The idea is much like Orwell's Big Brother:  'we're watching, so don't surf where you shouldn't.'
    1.b.  A commercial software can do something similar and probably give a lot more information than EtherPeg. makes something called EtherPeek.  I've not used it myself, but it seems to go that extra mile that Ethereal doesn't--reconstructing the TCP stream into something you can actually understand.

    2.  Log Internet usage.
    2.a.  Ethereal can capture packets and graph some results, but if you have a linux box, ntop may be what you really want.  It has a nice HTTP interface that logs host activity.
    2.b.  Will your firewall give up the info?  Check your firewall, many times you have access to more flexibility than you think and your firewall can help you log Internet usage.

    3.  Who's doing what with your network?
    3.a.  When was the last time you scanned your own network for open ports?  Is someone running an FTP server that you don't know about?  Is someone using PCAnywhere to get Internet access from home?  How many people are running Kazaa?  A complete security audit should help.
    3.b.  Turn if off and see who whines.  If you see a flood of traffic at your gateway that looks suspicious, shut it down.  If someone whines about it you can ask the right questions and determine if it's legit or not.  

    4.  Surprise inspection.
    4.a.  Again with the 'we're watching you' stuff.  Announce in a formal memo that all company property must have its passwords logged with IT via email with a specific header (so you can organize them) and all company PCs are subject to a security audit (whether or not you actually perform them and how often is entirely up to you).  Not only does it help with "I forgot my password" syndrome, but you might be surprised yourself with what you find in the audits.  You can use some special software like EVEREST or do it manually but the reigns will be tighter.

    If a client password changed and you can't access it, swap the drive with a new one and a clean build.  If something is on there of vital importance it can always be restored, but until then, only authorized applications and authorized uses will be allowed on clients.  Chances are that after you mount that drive you'll find what they were hiding.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

        Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
    Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
    This video discusses moving either the default database or any database to a new volume.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now