Internet bandwidth utilization is full

we have aroud 400 windows XP client machine's in office  is accessing Internet 24/7, from yesterday onwards our  4 mbps bandwidth internet
link is showing fulll utilization , I feel that The very high Internet utilization in our network  can be the  characteristic of some virus/malware  ,that is  contributing  thi high traffic .The  traffic is passing thourgh a firewall and then to the internnet router ,  I have enabled  the IP accounting to to find the percentage of bandwidth utilization , but haven't helped me .
Can you please help me to find a resolution for this .
Who is Participating?
thetmanvnConnect With a Mentor Commented:
With cisco pix 515, we have a little choice for tracking user traffic directly.
There's a way here using logging trap and send to external syslog then use perl script to get what you want. (Check post #5)

Or if you have a good switch that support monitor mode (like SPAN mode of Cisco) then you can use this port to monitor traffic from all other ports and use packet analyzer (wireshark the number 1) to capture and analyis.

Hope this help
Which firewall you're using?
darvinvAuthor Commented:
its cisco pix515e
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Sudeep SharmaTechnical DesignerCommented:
What ports are open on your firewall, which users could easily use?

I would recommend that not all the ports should be open excepts ones which are required

It could be some PC which is using Torrent, or if some is downloading stuff via http from various file sharing website.

Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP and CCIPCommented:
look @

I used MRTG (It's still running actually), and swapped to Cacti. It's still a bit difficult (Devices, data queries, Graphs, etc) but well worth it...just give it a try. Cacti is a brilliant software beside nagios and MRTG ..... to narrow down the problem
On the firewall policy log for allowed internet traffic, check the source IP in real time. Its a manual way just to find the infected machine or the user monopolizing the line. You may not have exact idea, but in some cases it helps.
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.