[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4116
  • Last Modified:

Monitor Internet Usage on router

Hi experts,

I have something horrible to deal with. It is the common "employees misusing company internet" problem. Is there a way for me to track internet traffic by IP or MAC address on the "Billion BiPAC 7300GRA" router? Or perhaps maybe an application?

I have looked around on the internet, but was not able to find one that suits my needs. The ideal solution would be to monitor the IP addresses without installing anything on the employees' computers, but if I don't have any other choice, that will have to do.

Thanks.
0
Pieter Marais
Asked:
Pieter Marais
1 Solution
 
koolinCommented:
PRTG Network Monitor, it will monitor, graph and track usuage through any SNMP enabled device.  You will need to confirm and possibly setup the SNMP trap on the router.  From the features and specifications page on the Billion site it looks like it supports all SNMP versions.  Since your only monitoring the one router and probably the 1 WAN port your only going to be using 1 sensor and the free version of PRTG includes up to 10.

PRTG Network Monitor - http://www.paessler.com/prtg

Billion product reference http://au.billion.com/product/adsl/bipac7300ra.php (see Features and Specifiations tab and Management section for SNMP support details).  

You will need to refer to the manual (http://au.billion.com/product/usermanual.php) for configuring SNMP - section 5.3.9.7 SNMP Access Control.  You only need to set a SNMP v1 and v2 read community string, in the IP put in the computer that will be running/doing the monitoring to control SNMP access to only that machine, this shouldn't be required but good practice.

Once you get PRTG installed add a sensor of the IP address of your router and the read community string you entered in the router.  You'll then have to select which port and what you want to do extactly.  Play around with the settings and find what works best with that router.
1
 
Pieter MaraisLead DeveloperAuthor Commented:
Thanks for the reply. I have every thing ready, but I have one more question.

Would enabling SNMP support on the router effect the internet connection for any of the other nodes connected to it?

Thanks
0
 
koolinCommented:
No, just use the SNMP read community string, no write string as PRTG is just reading data from the device and you shouldn't have any issues.
1
 
AbhisekSanyalCommented:
Hi,
  As you said "employees misusing company internet" is a tricky problem to deal with. But, in my experience, the actual issue is not well articulated by the management. By that statement, they could mean -
  • Someone is using torrent to download unauthorized files. This could be choking the bandwidth.
  • Someone is spending too much time on the Internet chatting
  • Someone is visiting objectionable sites
SNMP monitoring of the router takes care of the first possibility and will tell you what is the Bandwidth Usage in absolute terms versus time. It will not give you answers to the what, who and why ?
What is causing the high Bandwidth usage
Which system is causing the high Bandwidth usage
Why is there such a high Bandwidth usage (It could be someone downloading something or even a malicious application sending out spam / hosting malware)

And if the actual issue is the second or third possibility, then SNMP monitoring will not help you at all. You should cover all your bases.
As you are going to put in resources and time to run a SNMP monitoring tool, I suggest that you also try something like -
  • Connect a Firewall in Bridge mode and allow all traffic through it. Enable logs in this firewall. This will tell you what kind of traffic is coming in and out. It will also tell you what is the protocol, the source and destination Ip Address and the Mac Address of the source system.
  • Enable the Proxy on the Firewall to run in an interception mode and allow all traffic through the Proxy. Enables logs in the proxy application. This will tell you what category of sites are being visited by your users and when. It will also be able to give you a break down of data usage from each site.
You can experience a very small lag in using the Internet. It will also introduce a point of failure in your network.
There are several solutions which you can  implement to gather these data.

The logical next step of the task that you have undertaken is implementing Internet policies. These can be implemented using the solutions you used to gather the above data.

0
 
pipo_tinCommented:
Hi Ezfrag,

Here's my 2 cents.

A PRTG monitoring is very well worth the time and will give you good info on the amount of bandwidth each PC is using. This is a good way to start knowing what your users are doing, but you will probably need more.

A Firewall will tell you more about the content your users are accessing.

Next step would be to control what these users are doing on the Internet. A good way is content filtering solution, such as Websense. I have installed Websense a couple of times and it works very well. It filters what your users can download and access, and it has very granular filter configuraton tools. All of the filtering is done in real time and you will barely notice the difference, also the bandwidth saved will be many times more than the one used by the tool.

Websense is a commercial software application that needs a dedicated machine to run on. There are some Open Source projects that promise at least some of the functionality but I have not tried them, I'm sure some of them work pretty well.

You could also try to setup a simple filter and see how it goes.

Hope this helps.
1
 
inbox788Commented:
How sophisticated are your users? For average users, OpenDNS is a good solution for monitoring as well as controlling. It's not a complete solution, but easy to implement and use, and best of all free (basic service).

The basic service won't tell you who's going where, but it will tell you something about typical restricted sites. It can also restrict some web sites (or better catagories). In some ways, it's less "big brother" than watching every site employees visit, which depending on your needs and philosophy, may be quite fine.

http://www.opendns.com/solutions/business/statistics/

0
 
inbox788Commented:
Here's a brief article outlining the features/functions of OpenDNS

Block Unwanted Websites with OpenDNS
http://www.itoperationz.com/2009/09/block-unwanted-websites-with-opendns/
0
Tackle projects and never again get stuck behind a technical roadblock.
Join Now