Bandwidth Usage Issue

Posted on 2006-06-08
Last Modified: 2010-04-11
Hello and Hi Rob,

I have an IP address reporting triple the usage as the mail server. I have been unable to find the "bug." I have run the network analyzer, Autoruns, HijackThis, I have viewed the event log, and run our Symantec AntiVirus Corporate Edition to no avail. Hmmmmm.

Any suggestions?
Question by:Lyndy333
    LVL 12

    Expert Comment

    Load Ethereal on the host and sniff the traffic, see what is generating it, and then search for a signature in Google.

    LVL 13

    Expert Comment

    Best way to find it is to monitor it on the Internet gateway.

    Use this traffic monitor on the mirrored port.

    It will give the exact details of the traffic and the IP addresses it is coming from and going to.

    The traffic could be due to a mail virus installed on some client computers, which are sending mail.

    You need to monitor traffic to find out what is causing it.

    Most likely it is some virus on a computer in your network.

    LVL 10

    Expert Comment

    If the source host is Windows, try "netstat -an" to see who and where it is connecting.  Download Active Ports and run it on the machine to see what applications are connecting to what addresses.  As a side note, Symantec may block the installation of Active Ports, as it is considered a snooping / security risk.
    LVL 7

    Accepted Solution

    I can't say I know exactly what you're looking for... is there a rogue computer on the network?  Is it being a mail server, or are you just comparing it to your mail server?  I'm assuming the info you found indicates the IP address (vs the IP Address actually telling you)?

    If you're searching for a rogue system and you know its IP... just go backwards.  From the IP, get the MAC address.  Log in to the switch, find which port that MAC sits on and follow it to the patch panel.  Follow the patch panel (labelled I hope!) to the jack, and you've found the computer.  This assumes your network is set up in a certain way... most larger company networks are set up in a similar fashion.

    Otherwise, ping the IP address, and get the MAC address (via ARP, "arp -a" in DOS).  Look for that computer on the network and you've found your culprit.  This works if there aren't too many computers to search (smaller company).

    Once you've found your computer you can check for viruses/etc from there.
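
The IP-to-MAC-to-switch-port trace described in the accepted answer, as an added example that is not part of the original thread. It assumes Windows `arp -a` output and a switch whose MAC table uses the Cisco IOS `show mac address-table` layout (the thread names no vendor); all sample data and function names are constructed for illustration.

```python
import re

# Constructed sample of Windows "arp -a" output (not from the original thread).
ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.57          00-0c-29-aa-bb-cc     dynamic
"""

# Constructed switch table in the Cisco IOS "show mac address-table" layout (assumed vendor).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    001a.2b3c.4d5e    DYNAMIC     Gi0/1
   1    000c.29aa.bbcc    DYNAMIC     Fa0/12
   1    0011.2233.4455    DYNAMIC     Gi0/1
"""

def norm_mac(mac):
    """Reduce any MAC notation (00-1a-.., 001a.2b3c.., 00:1a:..) to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def mac_for_ip(arp_text, ip):
    """Return the normalized MAC that "arp -a" lists for ip, or None."""
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == ip:
            return norm_mac(fields[1])
    return None

def locate(arp_text, table_text, ip):
    """Return (mac, port, macs_on_port); port is None if the switch never learned the MAC."""
    mac = mac_for_ip(arp_text, ip)
    if mac is None:
        return None, None, 0
    ports = {}  # normalized MAC -> switch port
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and re.fullmatch(r"[0-9a-fA-F.]{14}", fields[1]):
            ports[norm_mac(fields[1])] = fields[3]
    port = ports.get(mac)
    # More than one MAC on a port marks an uplink to another switch or hub.
    shared = sum(1 for p in ports.values() if p == port) if port else 0
    return mac, port, shared
```

When `macs_on_port` is greater than 1 the port is an uplink rather than a wall jack, so the same lookup has to be repeated on the device behind it.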
    LVL 1

    Author Comment

    I would be interested in knowing if you run this program on a live network?
    LVL 1

    Author Comment

    I do know that there is a rogue computer on my network, policy is in the process of including "any electronic devices on company property is company property and will be confiscated..." Computer was connecting to the network via T1, from that T1 15 computers connect....not currently labeled. Your suggestion proved to be most helpful.

    Thanks to all for your expert advice !!!
