
Network overload

glopezz asked
Hi experts!

I currently run a network of 35 people. I have a 1MBPS clear-channel connection with my provider. My provider gave me a link to monitor the connection usage. Since last week, it shows the network is overloaded, and of course all network services like web browsing, SMTP, POP3, etc. are experiencing latency.

I was wondering if there is a good, low budget tool to analyze network traffic and determine which computers are causing the most traffic? We don't have budget for a very expensive tool.

Thanks a lot!!


Can't get much lower than free for a low-budget tool.

If you do not have a Linux box handy: http://slampp.abangadek.com/info/
LiveCD will get you going, but it is a handy tool to find some old clunker laying around to revive.


You don't need to spend money to get this job done. Try some of these; they are the gold standard in analyzing network traffic (and much more):

Wireshark http://www.wireshark.org/download.html
Show Traffic http://demosten.com/showtraf/
Network Probe http://www.objectplanet.com/probe/

My personal best is Wireshark so I recommend starting there :)

This is OKAY and cheap, so maybe worth a try.

With only 35 users maybe ask everyone to switch their computers off at night, see if the traffic is still a problem. Also then if you get in early, you could see at what point the traffic becomes a problem.

I had to troubleshoot something similar for a small company years ago. Something else I did was when I saw someone leave their desk, I would go to their PC and look at task manager to see what traffic was doing on their PC.

Also make sure all virus software is up to date.

Optionally you can look at PRTG Network Monitor http://www.paessler.com/prtg/download. It has some nice features and, when correctly configured, it will let you know when a problem occurs. Free version should suit your needs.

This one is quite nice as well.


For your network, I suggest having a look at the firewall log for the specific period of time to see what happened. You can even set some rules to stop certain IPs from making network connections as well, if your firewall has that function. You can also check whether your firewall can provide you with some sort of traffic report.

ntop is your choice. Basically, by just listening on the LAN it will tell you which PCs are using what protocols and how much. There is effectively nothing to configure on it...


Managed to detect the HTTP requests using Wireshark. Took me some time to configure it, add port mirroring to my switch and understand the captures and top talkers, but we seem to have found the computers causing this.

Thanks everyone.
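
The "top talkers" step described in the last post can also be scripted against a capture taken on the mirror port. The following is an added example, not code from anyone in the thread: it ranks LAN hosts by the bytes they exchange with outside addresses. It assumes the capture was saved in classic pcap format (not pcapng) on Ethernet, and the `192.168.1.0/24` subnet and all sample addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the office subnet
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order of file

def top_talkers(pcap, lan=LAN):
    """Rank LAN hosts by bytes exchanged with non-LAN addresses."""
    end = MAGICS.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14   # skip 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                   # not IPv4, or header truncated
        src = IPv4Address(frame[l3 + 12:l3 + 16])
        dst = IPv4Address(frame[l3 + 16:l3 + 20])
        if (src in lan) != (dst in lan):   # crosses the Internet link
            host = src if src in lan else dst
            totals[str(host)] += wirelen   # wire length, not captured length
    return totals.most_common()

def _frame(src, dst, size):
    """Constructed sample frame: Ethernet + IPv4 header padded to size."""
    ip = (bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(8)
          + IPv4Address(src).packed + IPv4Address(dst).packed)
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\0")

def sample_pcap():
    """Constructed capture: one heavy host, one light host, one LAN-only frame."""
    pkts = [("192.168.1.23", "203.0.113.10", 1500)] * 3 + [
        ("203.0.113.10", "192.168.1.23", 60),
        ("192.168.1.7", "198.51.100.5", 400),
        ("192.168.1.7", "192.168.1.23", 900)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, size in pkts:
        f = _frame(src, dst, size)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for host, nbytes in top_talkers(sample_pcap()):
        print(f"{host:15} {nbytes:>8} bytes")
```

Frames between two LAN hosts are ignored on purpose, since they never touch the provider link that is being reported as overloaded.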