Solved

How can I find out which user is using xxx Kbps on my office LAN?

Posted on 2008-06-19
8
265 Views
Last Modified: 2013-11-16
I have a watchguard Firebox X1000. I have the ability to see how many Kbps are going OUT, coming in, coming in on IMAP Port and going out on SMTP and such. I can also use the hostWatch to see what users are connected to what sites.

But I cant seem to figure out is how to see WHO is using the largest chunk of bandwidth. If for example some days I am getting peaks of a constant 700Kbps outbound traffic, I want to know which user is causing this huge spike in my network.

How can I find this out?

I would GREATLY appreciate help on this matter.
0
Comment
Question by:nichiaiinc
  • 3
  • 3
  • 2
8 Comments
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 500 total points
ID: 21820417
Hi,

For that purpose you need to have to have some NMS. A few possible options are:

HP-OpenView                 www.hp.com
JFFNMS                              www.jffnms.org
OpenNMS                           www.opennms.org
Nagios                              www.nagios.org
ZenOSS                            www.zenoss.com
Cacti                                www.cacti.net
MRTG                              oss.oetiker.ch/mrtg
PRTG                              www.paessler.com/prtg
Adventnet Netflow Analyzer      www.adventnet.com
SolarWinds Orion       www.solarwinds.com
Bandwidthd                  bandwidthd.sourceforge.net
Ntop                               www.ntop.org
Observer                    www.networkinstruments.com
AutoNOC                           www.autonoc.com

0
 
LVL 6

Expert Comment

by:psychic_zero
ID: 21820550
I have once having a problem at my company whereby there is 1 PC which flood and congested our network due to broadcast storm. So I used this freeware - Show Traffic to find which PC did the problem and found it as the program will show the IP Address, Hostname, Traffic and the speed of network packet. You can download from here and maybe find it quite useful. Hope this help.

http://demosten.com/showtraf/
0
 

Author Comment

by:nichiaiinc
ID: 21822475
Psychic zero,

Thanks I gave that software a try, but it seems the numbers arent really reporting the proper numbers. However, I think it will be good enough to give me an idea of bandwidth hoggers if there are some.

I have a question for everyone, where does this software need to be placed. I would imagine the only machine that can see all the traffic is the router, I installed this test software on the AD server, is this where I should instlal it, or somewhere else? I am a bit confused on where I should put it.

uetian1707,

are any of those you mentioned open source and/or free?

Thanks!
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21828344
Thanks for the update:

JffNMS,OpenNMS,Nagios,ZenOSS,Cacti,MRTG,Bandwidthd and NTOP are free as well as Open Source.

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 6

Expert Comment

by:psychic_zero
ID: 21828490
At AD server also OK as all computer in the network will communicate with the AD server. You can also put at any server which all computers are used it such as File server, Mail server, etc. Maybe you can give a try.
0
 

Author Comment

by:nichiaiinc
ID: 21828595
But will this really give me proper results. It's only going to show the traffic between the two devices. So if there is traffic to the file server from the end user it will show the bandwidth he is using. But what if they are downloading a file at 700k/sec, then it's not going to show this, correct?

I want to know who if anyone is downloading large data or streaming media out through our internet connection.
0
 
LVL 6

Expert Comment

by:psychic_zero
ID: 21828657
So maybe you can install at your Internet Proxy server so that you can know who download a big file from Internet.
0
 

Author Closing Comment

by:nichiaiinc
ID: 31468683
Uetian is the winner. The most resources were provided. I am still unclear how to actaully monitor all the traffic because these are software on one server but I want to monitor all traffic. Since this quesiton is dying out, I will close it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now