Internet bandwidth utilization is full

we have aroud 400 windows XP client machine's in office  is accessing Internet 24/7, from yesterday onwards our  4 mbps bandwidth internet
link is showing fulll utilization , I feel that The very high Internet utilization in our network  can be the  characteristic of some virus/malware  ,that is  contributing  thi high traffic .The  traffic is passing thourgh a firewall and then to the internnet router ,  I have enabled  the IP accounting to to find the percentage of bandwidth utilization , but haven't helped me .
Can you please help me to find a resolution for this .
darvinvAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thetmanvnCommented:
Which firewall you're using?
0
darvinvAuthor Commented:
its cisco pix515e
0
thetmanvnCommented:
With cisco pix 515, we have a little choice for tracking user traffic directly.
There's a way here using logging trap and send to external syslog then use perl script to get what you want. (Check post #5)

http://groups.google.ca/group/comp.dcom.sys.cisco/tree/browse_frm/thread/972a527ba458f06/2d9638c4e38063ef

Or if you have a good switch that support monitor mode (like SPAN mode of Cisco) then you can use this port to monitor traffic from all other ports and use packet analyzer (wireshark the number 1) to capture and analyis.

Hope this help
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Sudeep SharmaTechnical DesignerCommented:
What ports are open on your firewall, which users could easily use?

I would recommend that not all the ports should be open excepts ones which are required

It could be some PC which is using Torrent, or if some is downloading stuff via http from various file sharing website.

Sudeep
0
madunixCommented:
look @

http://cacti.net/
http://oss.oetiker.ch/mrtg/
http://www.section6.net/wiki/index.php/Setting_up_MRTG_in_FreeBSD
http://forums.freebsd.org/showthread.php?t=248
http://www.nagios.org/


I used MRTG (It's still running actually), and swapped to Cacti. It's still a bit difficult (Devices, data queries, Graphs, etc) but well worth it...just give it a try. Cacti is a brilliant software beside nagios and MRTG ..... to narrow down the problem
0
Nasir-SiddiqueCommented:
On the firewall policy log for allowed internet traffic, check the source IP in real time. Its a manual way just to find the infected machine or the user monopolizing the line. You may not have exact idea, but in some cases it helps.
0
younghvCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.