Internet usage/monitoring/Sonicwall TZ170

Is there a way I can check and see exactly how much bandwidth is being used by a user/computer? The TZ170 show an IP address and the ammount of data they have transmitted, but it does not show what that IP transmitted to or from, nor does it really tell me much about how much bandwith that IP is hogging.  More specifically there are some users that are using internet radio and it is starting to kill our connection. I would like to be able to see that computer x is hogging 64k of data, going to/from x.x.x.x/www.website.com on port xxxx in realtime.  Cost will be a concern.

PS I tried Viewpoint but it did not give me what i was looking for.
LVL 1
fsjavan32Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
0xSaPx0Connect With a Mentor Commented:
There is no specific way to do this as the TZ unit won't show you on a per IP basis. What you can do is increase logging and see what internet radio websites they are accessing then block them.

Also you can use tools like  Ntop (http://www.ntop.org) or Ethereal (http://www.ethereal.com) to get an idea of who's connecting to what.

0xSaPx0

0
 
Yves AccadConnect With a Mentor Network Security EngineerCommented:
you need to put a sniffer between your LAN and the gateway. As 0xSaPx0 pointed ntop and ethereal are 2 great tools for that. Ntop if you want long term stats and ethereal for a quick investigation.

You will either need a switch that supports port mirroring, where you will mirror all the ports to one port and sniff on that port, or you can put a HUB in between your LAN and Gateway, and plug the sniffer into the hub as HUBS have all ports in the same collision domain you'll be able to sniff all traffic.
0
 
itpowerhouseCommented:
Sonicwall has a subscription service called ViewPoint that actually records this exact info for you.  It is about 99 dollars to subscribe to and you can put the license code in your Sonicwall to unlock the functionality.  Sign in to MySonicwall.com and register your box and you can purchase it right there.  The free services mentioned above work well if you know how to use them.

http://www.sonicwall.com/support/pdfs/SonicWALL_ViewPoint_4.0_Release_Notes.pdf

0
 
itpowerhouseCommented:
We had the same exact issue.  I wish I had known you were unable to mount the old .edb and I would have posted this sooner.  We had Microsoft work on this problem and here is what they sent me as thier notes.  They were successful in saving the databases.  It's to late to help you but someone else will hit this eventually.

ISSUE: Wants to recover databases to new exchange server RESOLUTION STEPS:
-Copied the databases and renamed the mdbdata to mdbdata.old -Created the new folder mdbdata -Pasted all the priv1 and pub1 files in mdbdata -Tried to mount the store -It gave an error -Followed KB 313184 -Did the steps C:\Program Files\exchsrvr\BIN>eseutil /mh " drive :\Program Files\exchsrvr\MDBDATA\priv1.edb"

C:\Program Files\exchsrvr\BIN>eseutil /mh " drive :\Program Files\exchsrvr\MDBDATA\pub1.edb"
-It showed a dirty shutdown
-ran the following comands
C:\Program Files\exchsrvr\MDBDATA>"C:\Program Files\exchsrvr\BIN\eseutil" /p priv1.edb b.  To bring the Pub1.edb file back into a consistent state:
C:\Program Files\exchsrvr\MDBDATA>"C:\Program Files\exchsrvr\BIN\eseutil" /p pub1.edb -C:\Program Files\exchsrvr\BIN>eseutil /d C:\Program Files\exchsrvr\MDBDATA\priv1.edb b.  To defragment Pub1.edb:
C:\Program Files\exchsrvr\BIN>eseutil /d C:\Program Files\exchsrvr\MDBDATA\pub1.edb C:\Program Files\exchsrvr\BIN>isinteg -s (servername) -fix -test alltests -Tried to mount the stores -It was successful -Ran the exmerge utility -I copied emails in a pst folder on desktop -We were able to do exmerge -WE were able to get the previous emails but not todays -Tried to run exmerge again -It failed.
-Tried to do exmerge for single user
-It was successful
-Checked the email address from AD users and computers for one of the users.
-Set it to primary.
1
All Courses

From novice to tech pro — start learning today.