How can I track down what is using up all my upload speed?

We have an office that has a 3Mb down 1Mb up ADSL connection.  We have been experiencing slow upload speeds and as a result we have VPN users being severely impacted on their RDP connections.  What would be the best way for me to track down what is chewing up all of our upload bandwidth.  I have checked our router logs and can't see anything really jumping out at me. In testing I am only able to achieve .1 to .3Mb upload speed yet our ISP tells me that we are capping at 1.0Mb on their end.  Something is flooding the connection but I can't seem to find it.

Any help is appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

As far as you have hardware router and cannot dive inside, you have to install something like firewalls on your local computers to determine what's flooding having soma graphical UI. Other option to check the list of active network process from command line (netstat -b) - but it will not indicate the speed of traffic utilization (can be helpful to catch trojan), so firewall should work for you (I"m using Outpost Firewall)
A GUI alternative to netstat is TCPView, pretty much the same functionality
You don't really say what you have on your side of the router.  1Mbps doesn't go a long way if you have any sort of servers on the inside. A little more info on what's in the office would help.
If you're constantly pegged, I'd start this the old fashioned way, by pulling (network) plugs.  Set up a laptop at the router and start doing speed tests.  Discconect a bank of users (or servers) and see if upload speed jumps.  Once you see a big jump, you know what group it's in, then start pulling those one-by-one and testing.  This will at least let you know if it's a single machine or distributed.  Assuming you're only talking less than a dozen machines it shouldn't take you more than 15 minutes.
If it's a single machine, now you can look for the usual culprits (trojans, viri, torrents, etc).  If it's a server, is it serving anything that might be chatty outside, or perhaps a hacked FTP/HTTP site that is being used to distribute warez?  The analyzer is going to be helpful if the upload use distributed across many machines, but often just knowing what machines will cause an AHA! moment (or more likely, D'OH!) to better understand the root cause.
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

urbanstylesAuthor Commented:
Sorry for the delay in getting back to this.  Turns out the issue was our SonicWall Email Security device that was communicating WAY too much data back to SonicWall on Spam Fingerprint data.  Disabled upload communication and upload volume returned to normal.

Thanks for thei help guys.
Thanks for the follow up. Your's is a good example where being complete on the description of all the equipment possibly involved is very helpful in diagnosing the problem (i.e., you didn't mention your lan side equipment).
Don't forget to close out the question, otherwise the volunteer staff will have to try and do it for you.
urbanstylesAuthor Commented:
I wish to simply resolve the question.  I was able to come to my own resolution of the problem through discussions with the hardware vendor.
Question PAQ'd and stored in the solution database.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.