Hi All,
I have a corporate network with 40 computers connected to a domain controller. It is a Windows-based network. We have an ADSL router from an ISP that gives the internet connection. From the router, the connection goes to a Netscreen 5GT firewall and from there it connects to the LAN. Sometimes, due to viruses and other problems, a few machines fire heavy traffic on the network. This causes the entire LAN speed and internet speed to drop. Since the firewall is from our Head Office, I as an Administrator don't have access to it. Even the ISP can't see the local computers on the router. So it's very difficult to identify which computer is causing the problem or causing this high traffic.
Now I need help. I need to use some software that could tell me the LAN traffic by individual computers on my LAN, either as a graph or through any figures. I need to find which computer is causing all the trouble. What I do now is unplug the LAN cables one by one and observe the traffic. This is really cumbersome.
Can anyone help?
Thanks in advance
lrmoore Commented:
Try using a sniffer; Ethereal is one of them.  There's a ton out there.  Also, have you ever thought that possibly your firewall is causing some disruptions? It would be wise if the head office would give you enough authorization to check for that possibility.

However, I must warn you.  If you run Ethereal on machine 1, which is plugged into a router, and you attempt to monitor machine 2, which is also on the router, it won't work.  The reason is that the router stops a lot of the traffic.

You have 2 options...

Run Ethereal on every machine (easy unless you have a lot of them)


Take out the router, put in a standard HUB (not a switch) and link it to the router.   This makes all the traffic go over the hub first.   Then you could monitor all the computers at one time since a hub doesn't block anything.   A switch will, though, so you have to make sure it is an old-style hub, which is becoming difficult to find.

I would do option one.  Look at the switch or router lights and see which one has the most blinking going on, and run Ethereal on that computer to check it.

Hope this helps!
You should configure your 5GT to send network activity logs to a syslog server on your network. Also, on the router you may view network stats. It is abnormal as network administrator to not have access to your security equipment.  Ask the head office to create an account on the firewall. Even a restricted account with access privilege to logs will be most helpful.
Many managed switches have the capability to mirror traffic to a port for the purpose of monitoring or packet sniffing.  Once you enable that feature and mirror traffic to it, the Ethereal product (or any other product) will work nicely and will not require multiple copies to be installed on each PC.

Otherwise, maybe not as cumbersome but just as tedious, check out performance monitoring; it comes with every build of Windows; it won't give you things down to the packet level to see the types of traffic, but you can use it to determine the amount of traffic per PC.  Once you have narrowed down your suspect PCs, you can go to the next step and use a sniffer or monitoring app to see the packet transactions either from a mirrored (sniffer) port or directly on the PC.
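
An added example, not part of the original thread: once a capture has been taken on a mirrored port as described above, the per-PC traffic totals can be computed offline from the saved file. This sketch assumes a classic libpcap-format Ethernet capture and a hypothetical LAN prefix of `192.168.1.`; the sample capture is constructed in the code so it runs without a real file.

```python
import struct
from collections import Counter

# Classic libpcap magic numbers as they appear on disk, mapped to byte order.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def top_talkers(pcap_bytes, lan_prefix="192.168.1."):  # prefix is an assumption
    """Return [(source_ip, bytes_on_wire)] for LAN hosts, busiest first."""
    endian = MAGIC.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic libpcap capture")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    sent = Counter()
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Need 14 bytes of Ethernet plus a 20-byte IPv4 header; skip ARP, IPv6, VLAN-tagged.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(str(b) for b in frame[26:30])  # IPv4 source address
        if src.startswith(lan_prefix):
            sent[src] += orig_len  # original size, even if the capture truncated the frame
    return sent.most_common()

def _frame(src, dst, payload_len):
    """Build one constructed Ethernet/IPv4 frame for the sample capture."""
    eth = b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + b"\x00" * payload_len

def build_sample():
    """Constructed capture: one noisy host, one quiet host, one inbound reply."""
    packets = [("192.168.1.23", "10.0.0.5", 1400)] * 3 + [
        ("192.168.1.10", "10.0.0.5", 100), ("10.0.0.5", "192.168.1.10", 500)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, n) in enumerate(packets):
        f = _frame(src, dst, n)
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, total in top_talkers(build_sample()):
        print(f"{ip:15} {total:>8} bytes sent")
```

To use it on a real capture, pass the file's contents, for example `top_talkers(open(path, "rb").read())`, and adjust `lan_prefix` to the local subnet.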

kelpere (Author) Commented:
Thanks for all the comments, but I find Ethereal is confusing me a little. I will try NTOP. The thing is that the firewall is creating a VPN tunnel to our UK office and the same has been programmed by our hosting center. This is the reason why they don't give us permission over the really helpless here as it is the Hosting Centre policy.

Now I think I can ask them to provide me at least access to the log files.

Let me try NTOP; meanwhile I will post back my feedback.

kelpere (Author) Commented:
NTOP is really good and so is SNIFFER PORTABLE. Sniffer gives me a much better pic of the total traffic.

Friends, any working experience with Sniffer? Suggestions please.
