Tool to monitor LAN Traffic

Posted on 2006-05-17
Last Modified: 2013-11-30
Hi All,
I have a corporate network with 40 computers connected to a domain controller. It is a Windows-based network. We have an ADSL router from an ISP that gives the internet connection. From the router, the connection goes to a Netscreen 5GT firewall and from there it connects to the LAN. Sometimes, due to viruses and other problems, a few machines fire heavy traffic on the network. This causes the entire LAN speed and internet speed to drop. Since the firewall is from our Head Office, I as an Administrator don't have access to it. Even the ISP can't see the local computers on the router. So it's very difficult to identify which computer is causing the problem or causing this high traffic.
Now I need help. I need to use some software that could tell me the LAN traffic by individual computers on my LAN, either as a graph or through any figures. I need to find which computer is causing all the trouble. Now what I do is unplug the LAN cables one by one and observe the traffic. This is really cumbersome.
Can anyone help?
Thanks in advance
Question by:kelpere

    Expert Comment

    Try using a sniffer; Ethereal is one of them. There's a ton out there. Also, have you ever thought that possibly your firewall is causing some disruptions? It would be wise if the head office would give you enough authorization to check for that possibility.
    LVL 2

    Expert Comment


    However, I must warn you. If you run Ethereal on machine 1, which is plugged into a router, and you attempt to monitor machine 2, which is also on the router, it won't work. The reason is that the router stops a lot of the traffic.

    You have 2 options...

    Run ethereal on every machine (easy unless you have a lot of them)


    Take out the router, put in a standard HUB (not a switch) and link it to the router. This makes all the traffic go over the hub first. Then you could monitor all the computers at one time, since a hub doesn't block anything. A switch will, though, so you have to make sure it is an old-style hub, which is becoming difficult to find.

    I would do option one. Look at the switch or router lights and see which one has the most blinking going on, and run Ethereal on that computer to check it.

    Hope this helps!
    LVL 8

    Expert Comment

    You should configure your 5GT to send network activity logs to a syslog server on your network. Also, on the router you may view network stats. It is abnormal as network administrator to not have access to your security equipment. Ask the head office to create an account on the firewall. Even a restricted account with access privilege to logs will be most helpful.
    LVL 14

    Expert Comment

    Many managed switches have the capability to mirror traffic to a port for the purpose of monitoring or packet sniffing. Once you enable that feature and mirror traffic to it, the Ethereal product (or any other product) will work nicely and will not require multiple copies to be installed on each PC.

    Otherwise, maybe not as cumbersome but just as tedious, check out performance monitoring; it comes with every build of Windows; it won't give you things down to the packet level to see the types of traffic, but you can use it to determine the amount of traffic per PC. Once you have narrowed down your suspect PCs, you can go to the next step and use a sniffer or monitoring app to see the packet transactions either from a mirrored (sniffer) port or directly on the PC.

    LVL 79

    Accepted Solution


    Author Comment

    Thanks for all the comments... but I find Ethereal is confusing me a little. I will try NTOP. The thing is that the firewall is creating a VPN tunnel to our UK office and the same has been programmed by our hosting center. This is the reason why they don't give us permission over the really helpless here as it is the Hosting Centre policy.

    Now I think I can ask them to provide me at least access to the log files.

    Let me try NTOP; meanwhile, I will post back my feedback.


    Author Comment

    NTOP is really good and so is SNIFFER PORTABLE. Sniffer gives me a much better pic of the total traffic.

    Friends... any working experience with Sniffer? Suggestions please.
