Learn how to a build a cloud-first strategyRegister Now


how to find out what is taking taking up my bandwith...

Posted on 2006-05-02
Medium Priority
Last Modified: 2013-12-14
Hey guys,

I have a question about bandwidth throttling and/or checking.
I'm not an expert in networking, so please bear with me.

I am running smoothwall for my firewall, and I have 2 windows boxes, one of which running VMWare that has Fedora Core 2 on it, and another FC4 box running my webserver, and another box running RedHat 9.0 for my mail server.

here's my dilemma. I have the plugin installed on my smoothwall box that shows me the current traffic on my WAN interface (Red).
For some reason, I always see traffic that is in the 130Kbit range. I am running a remote desktop session, and running hamachi VPN which I am aware that they will consume some bandwidth, but I'm not sure that 130Kbit is accurate for that.

For all I know, the numbers that smoothwall is reporting are not right. In any case, my question still stands, as I'm always curious about a good way to figure out where my bandwidth is being used.

I have used the iptraf utility on linux, and that shows me what connections are established with the box. (although, that 130Kbit didn't seem to come from any of my Linux boxes).

My current concern with the traffic is that someone has a rootkit on one of my boxes and piggy backing on my connection... ??

Any insight as to what's a good way to monitor bandwith usage without going into some deeply technical methods?
Question by:George Khairallah
  • 3
  • 3
LVL 14

Expert Comment

ID: 16611660
stop the RDP session and the VPN session to remove the know traffic.  Use www. ethereal.com's ethereal to monitor your internal traffic.  

you should be able to see what is utilizing that bandwidth.

LVL 10

Author Comment

by:George Khairallah
ID: 16612038
the problem is that with ethereal, I'll be able to see what traffic there is on the specific eth adapter of that specific machine, I think to get it accurately, I would need to have ethereal running on the router itself, and, I'm not sure if that's possible to install on Smoothwall.  
At this point, I'm not really sure where the traffic is coming from ... As I mentioned before, I do have about 8 machines on my network...

Is there a way that I can monitor the traffic on all my network with etheral installed on just one of the workstations??
LVL 14

Accepted Solution

ECNSSMT earned 500 total points
ID: 16621716
well, if you want to get down to the specifics.  Switch traffic is port to port and generically, if your sniffer is on port 1, your suspect source is on port 2 and your suspect destination is on port 3; your sniffer on port 1 will never see the traffic.  

If anything else, if you have a managed switch, you can mirror the switch port (Cisco see Monitor Session command, other brands have their equivalent) and place the sniffer on the mirroring port.  

If you have an unmanaged switch or any of the SOHO switch/routers, your best bet may be to place this sniffer on the suspect device (and if the suspect device is a production server, I'd recommend an alternative be found, don't mess with production servers)
In this case, since you are monitoring outgoing traffic; you may want to stick a PC with the ethereal on it between the router or firewall and the rest of the network by using a 10/100HUB, if you can find one of those.  If you are using SOHO equipment, they are pretty much barebones and will not give the level of monitoring you are seeking.

Otherwise for remote monitoring you my be looking at ISS Realsecure with a HIDS client installed on to a specific set of devices.  That was the money route, I wasn't too sure if you'd wanted to travel down this path.

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 10

Author Comment

by:George Khairallah
ID: 16621744
Hey thanks for the tips, that was very helpful. I'm going to have to play around with it, it doesn't seem like there's an easy (or cheap) way to do this...  
by the way, this network I'm talking about is just my home network ... so I have no SLA on the line :) ...
in any case, I like the idea of having a PC-in-the-middle situation connect to a hub... that might actually be a viable solution, I happen to have 10/100 hub laying around so I might finally use it for something.

Oh, and I'm not using any managed switches, so using port mirror is not an option for me at this point.

Anyway, I don't think anyone is going to give anything more detailed than you already have. Thank you appreciate it.
I will award you the points.
LVL 14

Expert Comment

ID: 16621823
thanks for the points.

operating in a business and home environment are definitely different.  I was trying to make my answer as generic to both situations as possible until I'd figured which environment you were in.  But now that I know you are in a home environment; have you considered using ZoneAlarm?  

LVL 10

Author Comment

by:George Khairallah
ID: 16622111
Yes, I actually use Kerio Personal Firewall (http://www.sunbeltsoftware.com), as it shows me exactly what services are using what bandwidth. it's sort of a simplified ethereal overview. I've installed it on all my windows boxes, I'm monitoring it now to see what kind of traffic is coming in, and going out... :) .  (I think it's an awesome product)

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question