Solved

Packet Sniffer or Similar Functionality

Posted on 2008-10-17
Last Modified: 2013-12-14
The DSL line in the office has been slammed lately.  I'm going through the process of increasing bandwidth, but I'd also like to identify the individuals in the office who are abusing the bandwidth.  Can I get away with software on one of the servers?  Or, should I look into a Cisco router that monitors activity by IP?  If I go with a Cisco router, should I go with a DSL router or splice in an Ethernet router between the DSL router and the switch?
Question by:jdana
13 Comments
 
LVL 23

Expert Comment

by:Kamaraj Subramanian
ID: 22745487
0
 
LVL 8

Accepted Solution

by:
pzozulka earned 400 total points
ID: 22745488
Free packet sniffer: Wireshark
Could be a little too complex for the job you need.

Some of the great tools I've used in the past are CAIN and Websense.
0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 400 total points
ID: 22745715
I would recommend the Cisco router. Possibly the 871 model. Leave the DSL modem in place but set it to bridge mode. Then you can configure a NetFlow monitor like Scrutinizer (www.plixer.com) and tell exactly where your bandwidth is going.
Shawn
0

 

Author Comment

by:jdana
ID: 22745813
Two follow-up questions:
1) Can I configure a packet sniffer to collect ALL DSL traffic?  (And exclude local traffic?)
2) wingatesl - Unfortunately, Qwest (my ISP) doesn't allow transparent bridging on DSL routers connected to their lines.  (I've been told it simply doesn't work.)  Is there a Cisco DSL router that does effectively the same thing?
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 22745925
You can get DSL models of the 800 series, like the 877.
You can configure the filters on a packet sniffer to exclude local network traffic. It will be difficult to determine bandwidth from the data that is presented though. What type of DSL router are you currently using?
0
 

Author Comment

by:jdana
ID: 22745959
It ain't much, an ActionTec GT701.
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 22745969
No SNMP support on that one.
0
 
LVL 8

Assisted Solution

by:russell124
russell124 earned 400 total points
ID: 22745990
Are you sure you can't transparent bridge with your Qwest?  It might vary from region to region, but I'm in the Pacific NW, and have set up a number of Qwest DSL lines with transparent bridging to routers.

You might try calling tech support again, and make sure you get past the Tier 1 support that just reads you scripted answers.
0
 

Author Comment

by:jdana
ID: 22746041
It couldn't hurt to call them.
0
 
LVL 12

Assisted Solution

by:hfraser
hfraser earned 400 total points
ID: 22746494
If you're able to sniff the traffic to/from the router, "ntop" will track activity by IP address, protocol, etc. and provide historical trending as well. This can be used to identify bandwidth hogs.
0
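The accounting discussed in the comments above (count only traffic that crosses the DSL link, skip LAN-to-LAN traffic, total it per internal IP), as an added example that is not part of any poster's reply. It assumes the sniffer sits where it sees traffic to and from the router and exports rows of time, source, destination and frame length; the subnet `192.168.0.0/24`, the column layout and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed office subnet

# Constructed sample export: time (s), source, destination, frame length (bytes).
SAMPLE_CSV = """\
0.0,192.168.0.10,203.0.113.5,1500
0.4,203.0.113.5,192.168.0.10,1500
0.9,192.168.0.10,192.168.0.20,9000
1.2,192.168.0.30,198.51.100.7,400
1.8,192.168.0.10,203.0.113.5,1500
2.1,192.168.0.20,224.0.0.251,120
2.6,198.51.100.7,192.168.0.30,600
"""


def parse(text):
    """Return the well-formed 4-column rows of a sniffer CSV export."""
    return [row for row in csv.reader(io.StringIO(text)) if len(row) == 4]


def wan_usage_by_host(rows, lan=LAN):
    """Sum bytes sent to ("up") and received from ("down") the internet per LAN host."""
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    for _ts, src, dst, length in rows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip.is_multicast:
            continue  # mDNS and similar never leave the LAN
        src_local, dst_local = src_ip in lan, dst_ip in lan
        if src_local == dst_local:
            continue  # LAN-to-LAN (file shares, broadcast) or not our traffic
        if src_local:
            usage[src]["up"] += int(length)
        else:
            usage[dst]["down"] += int(length)
    return dict(usage)


def top_talkers(usage, n=3):
    """Hosts ordered by total bytes across the WAN link, largest first."""
    total = lambda item: item[1]["up"] + item[1]["down"]
    return sorted(usage.items(), key=total, reverse=True)[:n]


if __name__ == "__main__":
    for host, counts in top_talkers(wan_usage_by_host(parse(SAMPLE_CSV))):
        print(host, counts)
```

Dividing each total by the capture duration gives an average rate per host, which is the figure to compare against the DSL line speed.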
 
LVL 23

Assisted Solution

by:Mysidia
Mysidia earned 400 total points
ID: 22747043
I have to second the Cisco 87x suggestion. The DSL line being slammed does not necessarily mean an abuse of bandwidth is occurring.

Although it is frequent that (for example), a trojan/virus on the LAN may be pegging the DSL link, using all available bandwidth to send spam, or infected machines in the course of launching DDoS attacks against victim servers on the internet.

Another possible choice might be say a Cisco 1812, depending on how much bandwidth you eventually need.
In either case, be sure to get a unit that allows you to have an advanced security image, i.e. say c 871-sec-k9.

With the QoS capabilities on these units, you can do better than merely identifying the bandwidth (with netflow or ip accounting features).

You can actually police traffic, and limit certain types of outbound traffic.

For example, you can identify important traffic, and allow the important traffic unlimited use of the connection, while giving all other traffic a lower priority, and limiting it to a certain amount of bandwidth.

With "Soft QoS", the limit varies depending on important traffic, and the lower priority traffic can still use much bandwidth, as long as the important traffic is flowing.

With "Hard QoS", you can impose a hard rate limit on unimportant traffic.

For example, you could construct policies that will classify file sharing traffic, and limit it to 100 kilobits, even when the link is otherwise completely idle.

So not only does some manageable routing equipment better enable you to detect the bandwidth sources: it also provides some tools that allow you to define network routing policies in order to reduce the negative effect of excessive non-business-critical usage.

0
 
LVL 15

Expert Comment

by:wingatesl
ID: 22747063
The #1 benefit of the 1812 is the ability to add a second ISP whenever you need it.
0
 

Author Closing Comment

by:jdana
ID: 31507320
pzozulka - Thanks for the Wireshark info.  I'm experimenting with it.
russell124 - You were right.  You can transparent bridge with Qwest.
wingatesl - Thanks for the Cisco 871 and 877 advice.  
Mysidia - Thanks for the QoS info.
0
