urbanstyles

asked on

How can I track down what is using up all my upload speed?

We have an office that has a 3Mb down 1Mb up ADSL connection. We have been experiencing slow upload speeds and as a result we have VPN users being severely impacted on their RDP connections. What would be the best way for me to track down what is chewing up all of our upload bandwidth? I have checked our router logs and can't see anything really jumping out at me. In testing I am only able to achieve .1 to .3Mb upload speed yet our ISP tells me that we are capping at 1.0Mb on their end. Something is flooding the connection but I can't seem to find it.

Any help is appreciated.
jack_borshch

Since you have a hardware router and cannot dive inside, you have to install something like a firewall with some graphical UI on your local computers to determine what's flooding. Another option is to check the list of active network processes from the command line (netstat -b), but it will not indicate the speed of traffic utilization (it can be helpful to catch a trojan), so a firewall should work for you (I'm using Outpost Firewall).
A GUI alternative to netstat is TCPView, pretty much the same functionality

http://live.sysinternals.com/Tcpview.exe
You don't really say what you have on your side of the router.  1Mbps doesn't go a long way if you have any sort of servers on the inside. A little more info on what's in the office would help.
If you're constantly pegged, I'd start this the old fashioned way, by pulling (network) plugs. Set up a laptop at the router and start doing speed tests. Disconnect a bank of users (or servers) and see if upload speed jumps. Once you see a big jump, you know what group it's in, then start pulling those one-by-one and testing. This will at least let you know if it's a single machine or distributed. Assuming you're only talking less than a dozen machines it shouldn't take you more than 15 minutes.
If it's a single machine, now you can look for the usual culprits (trojans, viri, torrents, etc). If it's a server, is it serving anything that might be chatty outside, or perhaps a hacked FTP/HTTP site that is being used to distribute warez? The analyzer is going to be helpful if the upload use is distributed across many machines, but often just knowing what machines will cause an AHA! moment (or more likely, D'OH!) to better understand the root cause.
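An added example, not from any poster in this thread: one way to get what the analyzer suggestion above is after, by ranking LAN hosts on average upstream rate from exported flow records and comparing each against the 1 Mb uplink. The record format, the 192.168.1.0/24 subnet and the sample rows are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

UPLINK_BPS = 1_000_000                         # 1 Mb/s ADSL upstream, from the question
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed office subnet

# Constructed sample records: epoch_seconds,src_ip,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
1000,192.168.1.20,203.0.113.10,3389,40000
1000,192.168.1.50,198.51.100.7,443,3200000
1015,192.168.1.21,203.0.113.10,3389,35000
1030,192.168.1.50,198.51.100.7,443,3100000
1030,198.51.100.7,192.168.1.50,443,90000
1045,192.168.1.50,198.51.100.7,443,250000
1060,192.168.1.20,192.168.1.5,445,9000000
"""

def top_uploaders(flow_csv, lan=LAN, uplink_bps=UPLINK_BPS):
    """Return (host, avg_bits_per_sec, share_of_uplink), highest uploader first."""
    sent = defaultdict(int)
    first = last = None
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue                           # tolerate blank lines in the export
        ts, src, dst, _port, nbytes = row
        ts = int(ts)
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        # Count upstream only: source on the LAN, destination outside it.
        # LAN-to-LAN traffic (file shares, backups) never touches the ADSL link.
        if ipaddress.ip_address(src) in lan and ipaddress.ip_address(dst) not in lan:
            sent[src] += int(nbytes)
    window = max((last - first) if first is not None else 0, 1)  # seconds, never zero
    rows = [(h, b * 8 / window, b * 8 / window / uplink_bps) for h, b in sent.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for host, bps, share in top_uploaders(SAMPLE_FLOWS):
        print(f"{host:15} {bps / 1000:8.1f} kb/s  {share:6.1%} of uplink")
```

A host that holds most of the uplink for the whole window is the one to inspect first, whether it turns out to be a workstation or an appliance on the LAN.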
urbanstyles

ASKER

Sorry for the delay in getting back to this.  Turns out the issue was our SonicWall Email Security device that was communicating WAY too much data back to SonicWall on Spam Fingerprint data.  Disabled upload communication and upload volume returned to normal.

Thanks for the help guys.
Thanks for the follow up. Yours is a good example where being complete on the description of all the equipment possibly involved is very helpful in diagnosing the problem (i.e., you didn't mention your LAN side equipment).
Don't forget to close out the question, otherwise the volunteer staff will have to try and do it for you.
I wish to simply resolve the question.  I was able to come to my own resolution of the problem through discussions with the hardware vendor.