Monitor Internet Usage on router

Hi experts,

I have something horrible to deal with. It is the common "employees misusing company internet" problem. Is there a way for me to track internet traffic by IP or MAC address on the "Billion BiPAC 7300GRA" router? Or perhaps maybe an application?

I have looked around on the internet, but was not able to find one that suits my needs. The ideal solution would be to monitor the IP addresses without installing anything on the employees' computers, but if I don't have any other choice, that will have to do.

Thanks.
LVL 9
Pieter MaraisLead DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

koolinCommented:
PRTG Network Monitor, it will monitor, graph and track usuage through any SNMP enabled device.  You will need to confirm and possibly setup the SNMP trap on the router.  From the features and specifications page on the Billion site it looks like it supports all SNMP versions.  Since your only monitoring the one router and probably the 1 WAN port your only going to be using 1 sensor and the free version of PRTG includes up to 10.

PRTG Network Monitor - http://www.paessler.com/prtg

Billion product reference http://au.billion.com/product/adsl/bipac7300ra.php (see Features and Specifiations tab and Management section for SNMP support details).  

You will need to refer to the manual (http://au.billion.com/product/usermanual.php) for configuring SNMP - section 5.3.9.7 SNMP Access Control.  You only need to set a SNMP v1 and v2 read community string, in the IP put in the computer that will be running/doing the monitoring to control SNMP access to only that machine, this shouldn't be required but good practice.

Once you get PRTG installed add a sensor of the IP address of your router and the read community string you entered in the router.  You'll then have to select which port and what you want to do extactly.  Play around with the settings and find what works best with that router.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pieter MaraisLead DeveloperAuthor Commented:
Thanks for the reply. I have every thing ready, but I have one more question.

Would enabling SNMP support on the router effect the internet connection for any of the other nodes connected to it?

Thanks
0
koolinCommented:
No, just use the SNMP read community string, no write string as PRTG is just reading data from the device and you shouldn't have any issues.
1
AbhisekSanyalCommented:
Hi,
  As you said "employees misusing company internet" is a tricky problem to deal with. But, in my experience, the actual issue is not well articulated by the management. By that statement, they could mean -
  • Someone is using torrent to download unauthorized files. This could be choking the bandwidth.
  • Someone is spending too much time on the Internet chatting
  • Someone is visiting objectionable sites
SNMP monitoring of the router takes care of the first possibility and will tell you what is the Bandwidth Usage in absolute terms versus time. It will not give you answers to the what, who and why ?
What is causing the high Bandwidth usage
Which system is causing the high Bandwidth usage
Why is there such a high Bandwidth usage (It could be someone downloading something or even a malicious application sending out spam / hosting malware)

And if the actual issue is the second or third possibility, then SNMP monitoring will not help you at all. You should cover all your bases.
As you are going to put in resources and time to run a SNMP monitoring tool, I suggest that you also try something like -
  • Connect a Firewall in Bridge mode and allow all traffic through it. Enable logs in this firewall. This will tell you what kind of traffic is coming in and out. It will also tell you what is the protocol, the source and destination Ip Address and the Mac Address of the source system.
  • Enable the Proxy on the Firewall to run in an interception mode and allow all traffic through the Proxy. Enables logs in the proxy application. This will tell you what category of sites are being visited by your users and when. It will also be able to give you a break down of data usage from each site.
You can experience a very small lag in using the Internet. It will also introduce a point of failure in your network.
There are several solutions which you can  implement to gather these data.

The logical next step of the task that you have undertaken is implementing Internet policies. These can be implemented using the solutions you used to gather the above data.

0
pipo_tinCommented:
Hi Ezfrag,

Here's my 2 cents.

A PRTG monitoring is very well worth the time and will give you good info on the amount of bandwidth each PC is using. This is a good way to start knowing what your users are doing, but you will probably need more.

A Firewall will tell you more about the content your users are accessing.

Next step would be to control what these users are doing on the Internet. A good way is content filtering solution, such as Websense. I have installed Websense a couple of times and it works very well. It filters what your users can download and access, and it has very granular filter configuraton tools. All of the filtering is done in real time and you will barely notice the difference, also the bandwidth saved will be many times more than the one used by the tool.

Websense is a commercial software application that needs a dedicated machine to run on. There are some Open Source projects that promise at least some of the functionality but I have not tried them, I'm sure some of them work pretty well.

You could also try to setup a simple filter and see how it goes.

Hope this helps.
1
inbox788Commented:
How sophisticated are your users? For average users, OpenDNS is a good solution for monitoring as well as controlling. It's not a complete solution, but easy to implement and use, and best of all free (basic service).

The basic service won't tell you who's going where, but it will tell you something about typical restricted sites. It can also restrict some web sites (or better catagories). In some ways, it's less "big brother" than watching every site employees visit, which depending on your needs and philosophy, may be quite fine.

http://www.opendns.com/solutions/business/statistics/

0
inbox788Commented:
Here's a brief article outlining the features/functions of OpenDNS

Block Unwanted Websites with OpenDNS
http://www.itoperationz.com/2009/09/block-unwanted-websites-with-opendns/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.