Solved

Internet bandwidth utilization is full

Posted on 2010-09-15
8
624 Views
Last Modified: 2013-11-22
we have aroud 400 windows XP client machine's in office  is accessing Internet 24/7, from yesterday onwards our  4 mbps bandwidth internet
link is showing fulll utilization , I feel that The very high Internet utilization in our network  can be the  characteristic of some virus/malware  ,that is  contributing  thi high traffic .The  traffic is passing thourgh a firewall and then to the internnet router ,  I have enabled  the IP accounting to to find the percentage of bandwidth utilization , but haven't helped me .
Can you please help me to find a resolution for this .
0
Comment
Question by:darvinv
8 Comments
 
LVL 8

Expert Comment

by:thetmanvn
ID: 33680597
Which firewall you're using?
0
 

Author Comment

by:darvinv
ID: 33680630
its cisco pix515e
0
 
LVL 8

Accepted Solution

by:
thetmanvn earned 250 total points
ID: 33680684
With cisco pix 515, we have a little choice for tracking user traffic directly.
There's a way here using logging trap and send to external syslog then use perl script to get what you want. (Check post #5)

http://groups.google.ca/group/comp.dcom.sys.cisco/tree/browse_frm/thread/972a527ba458f06/2d9638c4e38063ef

Or if you have a good switch that support monitor mode (like SPAN mode of Cisco) then you can use this port to monitor traffic from all other ports and use packet analyzer (wireshark the number 1) to capture and analyis.

Hope this help
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33749033
What ports are open on your firewall, which users could easily use?

I would recommend that not all the ports should be open excepts ones which are required

It could be some PC which is using Torrent, or if some is downloading stuff via http from various file sharing website.

Sudeep
0
 
LVL 25

Expert Comment

by:madunix
ID: 33869433
look @

http://cacti.net/
http://oss.oetiker.ch/mrtg/
http://www.section6.net/wiki/index.php/Setting_up_MRTG_in_FreeBSD
http://forums.freebsd.org/showthread.php?t=248
http://www.nagios.org/


I used MRTG (It's still running actually), and swapped to Cacti. It's still a bit difficult (Devices, data queries, Graphs, etc) but well worth it...just give it a try. Cacti is a brilliant software beside nagios and MRTG ..... to narrow down the problem
0
 
LVL 3

Expert Comment

by:Nasir-Siddique
ID: 34031474
On the firewall policy log for allowed internet traffic, check the source IP in real time. Its a manual way just to find the infected machine or the user monopolizing the line. You may not have exact idea, but in some cases it helps.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34376207
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

It is a common problem that often server suffers from the lack of space on system volume. Old servers or new ones from vendors come with preformatted small volume - 5-6GB in total and after installing updates or applications the free space on system…
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now