Locating "bad" workstation

Posted on 2006-06-25
Last Modified: 2012-05-05
Small office: One W2K3 + 15PCs

The network is slowing down recently. I need to find which station or stations responsible for.

How to  find them without the need to shut down every PC.

Thank You
Question by:zolpo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +5
LVL 51

Expert Comment

ID: 16979040
your information is too vage to get an idea what's happening or what your problem is
Anyway, I guess you have a domain and all (but at least one) of your 15 PCs is configured to be a potentital master browser.
If that's the case, then there is no other possibility than shutdown the one which claimed to be master.
Configure each and every PC to be neither potential master brower nor backup master browser, then check if problem still there.

Author Comment

ID: 16979955
Sorry for not being clear.

It is wan bandwidth issue.

I suspect that there is a virus that is stealing our internet bandwidth.

I will check the browsing. it will take me a day or two.

Expert Comment

ID: 16980441
what type of switch are you using? depending on the model, you can see if it has a gui that will tell you what ports are using the most bandwith.  that can help
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

LVL 23

Expert Comment

by:Erik Bjers
ID: 16980956
Since you only have 15 computers, unplug them one at a time untill the problem goes away, the last one you unpluged is the problem.

Also run complete virus scan on all computers incase something is spreading.

LVL 38

Expert Comment

by:Rich Rumble
ID: 16980966
Cisco routers have "ip accounting" that can give you some useful stats, you can also employ tools like Cacti, and Ntop to measure the bandwidth consumed by various pc's or devices.

Author Comment

ID: 16981559
1. We have basic switch. No advanced capabilities.
2. For couple of reasons I can not use the unplugging method now.

I thought to put another PC and configure it as a gatway, so all pcs will go trough it to the internet. The problem is that I do not now how to do that and what tools to use. (I have no knowledge with Linux so please Windows only)

This way that pc will play as an advanced switch.

Maybe my Q should be: How to build a top notch gatway/switch/router from PC.

Please help.
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 25 total points
ID: 16983570
There is a windows version of Ntop, and Cacti. If the switch can't do a port mirror, or port spanning, then Ntop won't help unless you install it on each machine. Windows connection sharing is easy to use, however windows can't brake down the bandwidth usage for each pc. Most routers, nowadays, can do some sort of accounting to tell you the number of bytes passed by each machine going through it.
LVL 13

Accepted Solution

prashsax earned 400 total points
ID: 16986751
You can put a HUB between your internet router and the switch.

Then connect a machine on this hub.(This machine will listen to all traffic).

Capture the traffic and see who is eating up the bandwidth.

Use ethereal for capturing the data.
LVL 10

Assisted Solution

stafi earned 25 total points
ID: 16987486
use this tool:


Assisted Solution

Zabulon777 earned 25 total points
ID: 16987764
Try out some different tools.. mostly open source!  There are a lot of ways to detect the machine that is spamming... The hard part is finding one that you like!  GOOD LUCK!

Assisted Solution

abarneslouortho earned 25 total points
ID: 16988533
if you really want to go the route of using a computer as a gateway.... its quite simple...

build a box with 2 nic's.

one nic has a cable from your computer to the switch.

the other nic has a cable from your computer to your internet connection.

not all that hard, just creates a bottleneck in the network, but considering your current situation, you may not notice a difference!! :D

once you have that set up you can monitor network usage with one of those tools linked above.

(just another hard manual way of going about things that wouldnt require building anything, you can go to each individual machine, ctrl+alt+del, then under the networking tab, see if any of them are using a lot of their connection.

Featured Post

To Patch or not to Patch? That is the question!

Don't get caught out like thousands of others around the world in the recent Ransomware Fiasco!
- Why it's not a good idea to wait before Patching
- Sensible approaches to Patching discussed
- Add your feedback, comments and suggestions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question