Locating "bad" workstation

Posted on 2006-06-25
Last Modified: 2012-05-05
Small office: One W2K3 + 15PCs

The network is slowing down recently. I need to find which station or stations responsible for.

How to  find them without the need to shut down every PC.

Thank You
Question by:zolpo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +5
LVL 51

Expert Comment

ID: 16979040
your information is too vage to get an idea what's happening or what your problem is
Anyway, I guess you have a domain and all (but at least one) of your 15 PCs is configured to be a potentital master browser.
If that's the case, then there is no other possibility than shutdown the one which claimed to be master.
Configure each and every PC to be neither potential master brower nor backup master browser, then check if problem still there.

Author Comment

ID: 16979955
Sorry for not being clear.

It is wan bandwidth issue.

I suspect that there is a virus that is stealing our internet bandwidth.

I will check the browsing. it will take me a day or two.

Expert Comment

ID: 16980441
what type of switch are you using? depending on the model, you can see if it has a gui that will tell you what ports are using the most bandwith.  that can help
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 23

Expert Comment

by:Erik Bjers
ID: 16980956
Since you only have 15 computers, unplug them one at a time untill the problem goes away, the last one you unpluged is the problem.

Also run complete virus scan on all computers incase something is spreading.

LVL 38

Expert Comment

by:Rich Rumble
ID: 16980966
Cisco routers have "ip accounting" that can give you some useful stats, you can also employ tools like Cacti, and Ntop to measure the bandwidth consumed by various pc's or devices.

Author Comment

ID: 16981559
1. We have basic switch. No advanced capabilities.
2. For couple of reasons I can not use the unplugging method now.

I thought to put another PC and configure it as a gatway, so all pcs will go trough it to the internet. The problem is that I do not now how to do that and what tools to use. (I have no knowledge with Linux so please Windows only)

This way that pc will play as an advanced switch.

Maybe my Q should be: How to build a top notch gatway/switch/router from PC.

Please help.
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 25 total points
ID: 16983570
There is a windows version of Ntop, and Cacti. If the switch can't do a port mirror, or port spanning, then Ntop won't help unless you install it on each machine. Windows connection sharing is easy to use, however windows can't brake down the bandwidth usage for each pc. Most routers, nowadays, can do some sort of accounting to tell you the number of bytes passed by each machine going through it.
LVL 13

Accepted Solution

prashsax earned 400 total points
ID: 16986751
You can put a HUB between your internet router and the switch.

Then connect a machine on this hub.(This machine will listen to all traffic).

Capture the traffic and see who is eating up the bandwidth.

Use ethereal for capturing the data.
LVL 10

Assisted Solution

stafi earned 25 total points
ID: 16987486
use this tool:


Assisted Solution

Zabulon777 earned 25 total points
ID: 16987764
Try out some different tools.. mostly open source!  There are a lot of ways to detect the machine that is spamming... The hard part is finding one that you like!  GOOD LUCK!

Assisted Solution

abarneslouortho earned 25 total points
ID: 16988533
if you really want to go the route of using a computer as a gateway.... its quite simple...

build a box with 2 nic's.

one nic has a cable from your computer to the switch.

the other nic has a cable from your computer to your internet connection.

not all that hard, just creates a bottleneck in the network, but considering your current situation, you may not notice a difference!! :D

once you have that set up you can monitor network usage with one of those tools linked above.

(just another hard manual way of going about things that wouldnt require building anything, you can go to each individual machine, ctrl+alt+del, then under the networking tab, see if any of them are using a lot of their connection.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month7 days, 5 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question