Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Locating "bad" workstation

Posted on 2006-06-25
12
Medium Priority
?
425 Views
Last Modified: 2012-05-05
Small office: One W2K3 + 15PCs

The network is slowing down recently. I need to find which station or stations responsible for.

How to  find them without the need to shut down every PC.

Thank You
0
Comment
Question by:zolpo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +5
12 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16979040
your information is too vage to get an idea what's happening or what your problem is
Anyway, I guess you have a domain and all (but at least one) of your 15 PCs is configured to be a potentital master browser.
If that's the case, then there is no other possibility than shutdown the one which claimed to be master.
Configure each and every PC to be neither potential master brower nor backup master browser, then check if problem still there.
0
 
LVL 1

Author Comment

by:zolpo
ID: 16979955
Sorry for not being clear.


It is wan bandwidth issue.

I suspect that there is a virus that is stealing our internet bandwidth.

I will check the browsing. it will take me a day or two.
0
 
LVL 2

Expert Comment

by:abarneslouortho
ID: 16980441
what type of switch are you using? depending on the model, you can see if it has a gui that will tell you what ports are using the most bandwith.  that can help
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 16980956
Since you only have 15 computers, unplug them one at a time untill the problem goes away, the last one you unpluged is the problem.

Also run complete virus scan on all computers incase something is spreading.

eb
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16980966
Cisco routers have "ip accounting" that can give you some useful stats, you can also employ tools like Cacti, and Ntop to measure the bandwidth consumed by various pc's or devices.
-rich
0
 
LVL 1

Author Comment

by:zolpo
ID: 16981559
1. We have basic switch. No advanced capabilities.
2. For couple of reasons I can not use the unplugging method now.

I thought to put another PC and configure it as a gatway, so all pcs will go trough it to the internet. The problem is that I do not now how to do that and what tools to use. (I have no knowledge with Linux so please Windows only)

This way that pc will play as an advanced switch.

Maybe my Q should be: How to build a top notch gatway/switch/router from PC.

Please help.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 16983570
There is a windows version of Ntop, and Cacti. If the switch can't do a port mirror, or port spanning, then Ntop won't help unless you install it on each machine. Windows connection sharing is easy to use, however windows can't brake down the bandwidth usage for each pc. Most routers, nowadays, can do some sort of accounting to tell you the number of bytes passed by each machine going through it. http://www.openxtra.co.uk/products/ntop-xtra.php
-rich
0
 
LVL 13

Accepted Solution

by:
prashsax earned 1600 total points
ID: 16986751
You can put a HUB between your internet router and the switch.

Then connect a machine on this hub.(This machine will listen to all traffic).

Capture the traffic and see who is eating up the bandwidth.

Use ethereal for capturing the data.
0
 
LVL 10

Assisted Solution

by:stafi
stafi earned 100 total points
ID: 16987486
use this tool:

http://www.omnipeek.com/

0
 
LVL 1

Assisted Solution

by:Zabulon777
Zabulon777 earned 100 total points
ID: 16987764
Try out some different tools.. mostly open source!  There are a lot of ways to detect the machine that is spamming... The hard part is finding one that you like!  GOOD LUCK!

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
0
 
LVL 2

Assisted Solution

by:abarneslouortho
abarneslouortho earned 100 total points
ID: 16988533
if you really want to go the route of using a computer as a gateway.... its quite simple...

build a box with 2 nic's.

one nic has a cable from your computer to the switch.

the other nic has a cable from your computer to your internet connection.

not all that hard, just creates a bottleneck in the network, but considering your current situation, you may not notice a difference!! :D

once you have that set up you can monitor network usage with one of those tools linked above.

(just another hard manual way of going about things that wouldnt require building anything, you can go to each individual machine, ctrl+alt+del, then under the networking tab, see if any of them are using a lot of their connection.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question