Solved

Internet bandwidth utilization is full

Posted on 2010-09-15
Last Modified: 2013-11-22
We have around 400 Windows XP client machines in the office accessing the Internet 24/7. Since yesterday, our 4 Mbps Internet link has been showing full utilization. I feel that the very high Internet utilization in our network may be characteristic of some virus/malware that is contributing this high traffic. The traffic passes through a firewall and then to the Internet router. I have enabled IP accounting to find the percentage of bandwidth utilization, but it hasn't helped me.
Can you please help me find a resolution for this?
0
Question by:darvinv
8 Comments
 
LVL 8

Expert Comment

by:thetmanvn
ID: 33680597
Which firewall are you using?
0
 

Author Comment

by:darvinv
ID: 33680630
It's a Cisco PIX 515E.
0
 
LVL 8

Accepted Solution

by:
thetmanvn earned 1000 total points
ID: 33680684
With the Cisco PIX 515, we have little choice for tracking user traffic directly.
There's a way here: use logging trap to send to an external syslog, then use a Perl script to get what you want. (Check post #5)

http://groups.google.ca/group/comp.dcom.sys.cisco/tree/browse_frm/thread/972a527ba458f06/2d9638c4e38063ef

Or, if you have a good switch that supports monitor mode (like Cisco's SPAN mode), you can use this port to monitor traffic from all other ports and use a packet analyzer (Wireshark is number 1) to capture and analyze.

Hope this helps.
0

 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33749033
What ports are open on your firewall that users could easily use?

I would recommend that not all the ports should be open, except the ones which are required.

It could be some PC which is using Torrent, or someone downloading stuff via HTTP from various file-sharing websites.

Sudeep
0
 
LVL 25

Expert Comment

by:madunix
ID: 33869433
Look at:

http://cacti.net/
http://oss.oetiker.ch/mrtg/
http://www.section6.net/wiki/index.php/Setting_up_MRTG_in_FreeBSD
http://forums.freebsd.org/showthread.php?t=248
http://www.nagios.org/


I used MRTG (it's still running, actually) and swapped to Cacti. It's still a bit difficult (devices, data queries, graphs, etc.) but well worth it... just give it a try. Cacti is brilliant software, besides Nagios and MRTG, to narrow down the problem.
0
 
LVL 3

Expert Comment

by:Nasir-Siddique
ID: 34031474
On the firewall policy log for allowed Internet traffic, check the source IP in real time. It's a manual way just to find the infected machine or the user monopolizing the line. You may not have an exact idea, but in some cases it helps.
0
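The syslog approach from the accepted solution and the source-IP check suggested above can be combined by totalling bytes per inside host from the firewall's connection teardown records. The following is an added example, not code from this thread or from the linked Usenet post; it assumes the PIX logs at informational level in the `%PIX-6-302014` / `%PIX-6-302016` teardown format, that the LAN interface is named `inside`, and the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed record format: PIX teardown messages 302014 (TCP) and 302016 (UDP),
# which report the byte count of a finished connection.
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>\S+?):(?P<ip1>[\d.]+)/\d+ "
    r"to (?P<if2>\S+?):(?P<ip2>[\d.]+)/\d+ "
    r"duration \d+:\d\d:\d\d bytes (?P<bytes>\d+)"
)

# Constructed sample syslog lines (documentation address ranges, not real data).
SAMPLE = """\
Sep 15 10:00:01 pix %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.23/1045 (203.0.113.2/1045)
Sep 15 10:00:09 pix %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/80 to inside:10.1.1.23/1045 duration 0:00:08 bytes 48211 TCP FINs
Sep 15 10:03:40 pix %PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.99/80 to inside:10.1.1.57/3120 duration 0:03:30 bytes 91500000 TCP Reset-I
Sep 15 10:04:02 pix %PIX-6-302016: Teardown UDP connection 1003 for outside:192.0.2.53/53 to inside:10.1.1.23/1050 duration 0:00:01 bytes 212
Sep 15 10:05:15 pix %PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.44/443 to inside:10.1.1.57/3121 duration 0:04:10 bytes 62000000 TCP FINs
""".splitlines()


def bytes_per_inside_host(lines, inside_if="inside"):
    """Return (Counter of bytes keyed by inside IP, number of non-teardown lines)."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = TEARDOWN.search(line)
        if m is None:
            skipped += 1          # Built/deny/other messages carry no byte count
            continue
        for iface, ip in ((m["if1"], m["ip1"]), (m["if2"], m["ip2"])):
            if iface == inside_if:
                totals[ip] += int(m["bytes"])
    return totals, skipped


def top_talkers(lines, n=5, inside_if="inside"):
    """Return [(ip, bytes, percent_of_logged_traffic)] for the n busiest hosts."""
    totals, _ = bytes_per_inside_host(lines, inside_if)
    grand = sum(totals.values()) or 1
    return [(ip, b, round(100.0 * b / grand, 1)) for ip, b in totals.most_common(n)]


if __name__ == "__main__":
    for ip, nbytes, pct in top_talkers(SAMPLE):
        print(f"{ip:15} {nbytes:>12} bytes  {pct:5.1f}%")
```

Teardown records are written only when a connection closes, so a transfer that is still open does not appear in the totals until it ends.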
 
LVL 38

Expert Comment

by:younghv
ID: 34376207
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
