How can I find out which user is using xxx Kbps on my office LAN?

I have a watchguard Firebox X1000. I have the ability to see how many Kbps are going OUT, coming in, coming in on IMAP Port and going out on SMTP and such. I can also use the hostWatch to see what users are connected to what sites.

But I cant seem to figure out is how to see WHO is using the largest chunk of bandwidth. If for example some days I am getting peaks of a constant 700Kbps outbound traffic, I want to know which user is causing this huge spike in my network.

How can I find this out?

I would GREATLY appreciate help on this matter.
nichiaiincAsked:
Who is Participating?
 
Kamran ArshadConnect With a Mentor IT AssociateCommented:
Hi,

For that purpose you need to have to have some NMS. A few possible options are:

HP-OpenView                 www.hp.com
JFFNMS                              www.jffnms.org
OpenNMS                           www.opennms.org
Nagios                              www.nagios.org
ZenOSS                            www.zenoss.com
Cacti                                www.cacti.net
MRTG                              oss.oetiker.ch/mrtg
PRTG                              www.paessler.com/prtg
Adventnet Netflow Analyzer      www.adventnet.com
SolarWinds Orion       www.solarwinds.com
Bandwidthd                  bandwidthd.sourceforge.net
Ntop                               www.ntop.org
Observer                    www.networkinstruments.com
AutoNOC                           www.autonoc.com

0
 
psychic_zeroCommented:
I have once having a problem at my company whereby there is 1 PC which flood and congested our network due to broadcast storm. So I used this freeware - Show Traffic to find which PC did the problem and found it as the program will show the IP Address, Hostname, Traffic and the speed of network packet. You can download from here and maybe find it quite useful. Hope this help.

http://demosten.com/showtraf/
0
 
nichiaiincAuthor Commented:
Psychic zero,

Thanks I gave that software a try, but it seems the numbers arent really reporting the proper numbers. However, I think it will be good enough to give me an idea of bandwidth hoggers if there are some.

I have a question for everyone, where does this software need to be placed. I would imagine the only machine that can see all the traffic is the router, I installed this test software on the AD server, is this where I should instlal it, or somewhere else? I am a bit confused on where I should put it.

uetian1707,

are any of those you mentioned open source and/or free?

Thanks!
0
The eGuide to Automating Firewall Change Control

Today’s IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

 
Kamran ArshadIT AssociateCommented:
Thanks for the update:

JffNMS,OpenNMS,Nagios,ZenOSS,Cacti,MRTG,Bandwidthd and NTOP are free as well as Open Source.

0
 
psychic_zeroCommented:
At AD server also OK as all computer in the network will communicate with the AD server. You can also put at any server which all computers are used it such as File server, Mail server, etc. Maybe you can give a try.
0
 
nichiaiincAuthor Commented:
But will this really give me proper results. It's only going to show the traffic between the two devices. So if there is traffic to the file server from the end user it will show the bandwidth he is using. But what if they are downloading a file at 700k/sec, then it's not going to show this, correct?

I want to know who if anyone is downloading large data or streaming media out through our internet connection.
0
 
psychic_zeroCommented:
So maybe you can install at your Internet Proxy server so that you can know who download a big file from Internet.
0
 
nichiaiincAuthor Commented:
Uetian is the winner. The most resources were provided. I am still unclear how to actaully monitor all the traffic because these are software on one server but I want to monitor all traffic. Since this quesiton is dying out, I will close it.
0
All Courses

From novice to tech pro — start learning today.