Solved

Monitor Internet Traffic (LAN Users)

Posted on 2010-11-15
Last Modified: 2012-06-22
Hi there,

I need some method to monitor internet traffic. My biggest problem is that sometimes our bandwidth is completely stressed and I have no way to find out which users/machines are causing the heavy load.

I can look at the firewall logs, but it is not clear exactly which machines are causing the heavy load.

I am using SonicWall (NSA 3500) as my network firewall. I would really like to get a real-time interface that shows me this information, or if you can help with a procedure for me to track this activity in some other manner.

Third party tools would also be of interest to me, if not too expensive.

Thanks in advance.

FN

Question by:fasuln
21 Comments
 
LVL 1

Expert Comment

by:tuxnani
ID: 34135229
You can use Wireshark, and it's very easy and comfortable to use.
http://www.wireshark.org/
See there; there are a pretty good number of tutorials available over the net. It can be used on most OS environments.
0
 
LVL 5

Expert Comment

by:sabk
ID: 34135287
0
 
LVL 4

Expert Comment

by:1oo4
ID: 34135304
The best way to do this is to use an SNMP graphing tool

http://www.softpedia.com/get/Network-Tools/Bandwidth-Tools/PRTG-Paessler-Router-Traffic-Grapher.shtml

Allow SNMP connection to your firewall first.
0

Author Comment

by:fasuln
ID: 34135595
Hi 1oo4,

I already use the PRTG tool and I think it's great, but it shows me network-wide level traffic and I can see that there is heavy load, but I cannot see which machine/user or IP is causing the heavy load. Maybe I have not set it up correctly, so if you can suggest how best to get this info out..

Hi sabk,

Can you please tell me what kind of info 'SYSLOG' gives me? So far, I am not too impressed with the reporting on SonicWall. A screenshot would be great, and I assume that this info has to be passed on to another server, from what I can see in the settings. Can you explain how this is set up?

Hi tuxnani,
I had a quick look at this tool and it looks like a packet capture tool, and although I like using this type of tool for my admin tasks, it does not produce any kind of good reporting for my manager. Is there no software that can show me that (userA) is currently on a (website) or (downloading something) etc.?

GUI is important and reporting is even more important. I am looking to monitor employee internet activity.

Thanks,
0
 
LVL 4

Expert Comment

by:1oo4
ID: 34135617
If your clients are connected directly to your firewall then you should poll for the  traffic on a specific interface on the firewall. If they are connected to a switch then use PRTG to SNMP poll the switch for the traffic on the corresponding interface. You will have to modify the OID (or MIB) in PRTG accordingly.
0
 

Author Comment

by:fasuln
ID: 34135719
Hi 1oo4,

the setup here is as follows:

1. All users are connected to network switches
2. The firewall is connected into the switch as a gateway.
3. I have PRTG installed on a XP machine.

I have attached a screenshot of what I see now when I launch PRTG. As you can see, it gives me a network snapshot, which is great, but I need to get a breakdown by IP address also.

I am not sure how to set up what you have suggested. It would be great if you can detail exactly what I need to do.

Thanks in advance.
FN
 PRTG Screenshot
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 34135780
NTOP can tell you what you need to know
http://www.ntop.org

Run NTOP on a PC with 2 NICs in it. One NIC connected to a mirror port on the switch that mirrors all traffic in/out of the firewall. Use the other NIC to access the web interface/GUI from your workstation.

Else, try Manageengine's FirewallAnalyzer - http://www.manageengine.com/products/firewall/
It is simple setup and config. Install it on a server and point the firewall's syslogs to it and that's about all you have to do.
0
 
LVL 4

Expert Comment

by:1oo4
ID: 34136146
Log in to the switches and allow SNMP polling from the IP that belongs to PRTG.
Then add the switches as devices to PRTG
Then add the necessary interfaces on the switches as SNMP traffic probes.
0
 
LVL 3

Assisted Solution

by:Hofpad
Hofpad earned 25 total points
ID: 34136404
Dear fasuln

If you activate "View Point Reporting" (you should have at least a 30-day trial) on your NSA3500, you will be able to set up a virtual appliance (download from MySonicWALL.com) where you can graph the usage of different protocols and the (web) usage of different internal IPs (or users).

You will need to redirect the SonicWALL's syslog traffic to that virtual appliance. After that, you have "near-real-time" graphs, depending on your summarizer interval on the ViewPoint virtual appliance.
0
 
LVL 3

Expert Comment

by:Mintar
ID: 34143651
I am using a program named "WFilter Enterprise"; it can show you the real-time connections and bandwidth of every IP address.

Since you have a manageable switch, it is easy to setup. You only need to connect the WFilter computer to a mirroring port of your switch.

http://www.imfirewall.us
0
 

Author Comment

by:fasuln
ID: 34143691
Hi everyone,

Just to confirm to you all: I do not have a managed switch.

Can you tell me what my options are without a managed switch?

Thanks,
FN
0
 
LVL 3

Expert Comment

by:Hofpad
ID: 34143755
ViewPoint Reporting from SonicWALL. You find Documentation here:
http://www.sonicwall.com/us/support/3340.html
And you should have a 30 day trial.
0
 

Author Comment

by:fasuln
ID: 34179229
Hi Guys,

Thanks for all your advice. I am not a big fan of Viewpoint. I do not use a managed switch, so are there any other good solutions or software?

I like the PRTG software, but it's not clear how to set up IP-level reporting.

Any other advice or step-by-step on PRTG would be great.

FN
0
 
LVL 3

Expert Comment

by:Mintar
ID: 34185001
There're three methods to monitor your network without a manageable switch.
1. Using a broadcasted Hub
2. Windows Gateway, Proxy Server or Bridge
3. ARP Spoofing

http://blog.imfirewall.us/Why+A+Port+Mirroring+Switch+Is+Required+To+Monitor+My+Network+How+To+Monitor+Internet+Usage+Without+A+Manageable+Switch.aspx
0
 

Author Comment

by:fasuln
ID: 34186141
Hi Mintar,

Your second option might be the best solution. What is a good proxy server software?

Thanks,
0
 
LVL 5

Accepted Solution

by:
sabk earned 25 total points
ID: 34204711
The SonicWall syslog captures and reports all log activity and includes source and destination addresses, number of bytes transferred and IP service. Syslog support does require that you have a syslog server running on your network and that the syslog daemon is running on UDP port 514. You can use a log analyzer such as SonicWALL's Viewpoint software or WebTrends Firewall Suite to analyse and graph the logged data. The SonicWall appliances can support up to 3 syslog servers at a time.
0
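The per-host breakdown that the syslog data described in the accepted answer makes possible, shown as an added example (not part of the original thread and not SonicWALL code). The sample records are constructed, and the key=value layout and field names `src`, `dst`, `proto`, `sent` and `rcvd` are assumptions to check against the lines your own firewall sends.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records. The key=value layout and the field names
# (src, dst, proto, sent, rcvd) are assumptions; compare with your own logs.
SAMPLE_LOG = [
    'id=firewall time="2010-11-15 10:00:01" msg="Connection Closed" '
    'src=192.168.1.23:51234:X0 dst=198.51.100.7:80:X1 proto=tcp/http sent=1200 rcvd=48000000',
    'id=firewall time="2010-11-15 10:00:02" msg="Connection Closed" '
    'src=192.168.1.40:40022:X0 dst=198.51.100.9:443:X1 proto=tcp/https sent=900 rcvd=150000',
    'id=firewall time="2010-11-15 10:00:05" msg="Connection Closed" '
    'src=192.168.1.23:51240:X0 dst=198.51.100.7:80:X1 proto=tcp/http sent=800 rcvd=52000000',
    'id=firewall time="2010-11-15 10:00:06" msg="Connection Opened" '
    'src=192.168.1.51:33000:X0 dst=198.51.100.20:25:X1 proto=tcp/smtp',
    'src=192.168.1.99:1:X0 sent=abc rcvd=10',  # damaged record
]

PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one syslog line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in PAIR_RE.findall(line)}

def top_talkers(lines, limit=5):
    """Return [(ip, total_bytes, busiest_service)] sorted by bytes, descending."""
    totals = Counter()
    services = defaultdict(Counter)
    for line in lines:
        f = parse_line(line)
        if "src" not in f:
            continue  # not a connection record
        try:
            nbytes = int(f.get("sent", 0)) + int(f.get("rcvd", 0))
        except ValueError:
            continue  # malformed byte counters
        if nbytes == 0:
            continue  # records without byte counts add nothing
        host = f["src"].split(":")[0]  # assumes IPv4:port:interface
        totals[host] += nbytes
        services[host][f.get("proto", "unknown")] += nbytes
    return [(h, b, services[h].most_common(1)[0][0])
            for h, b in totals.most_common(limit)]

if __name__ == "__main__":
    for host, nbytes, svc in top_talkers(SAMPLE_LOG):
        print(f"{host:15} {nbytes / 1e6:8.1f} MB  mostly {svc}")
```

To use it on real data, feed it the lines from the file your syslog server writes instead of `SAMPLE_LOG`.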
 

Author Comment

by:fasuln
ID: 34212822
Hi sabk,

Thanks for the info. I do not have a syslog server set up, but I will set one up and give your method a try and report back tomorrow.

Thanks
0
 

Author Closing Comment

by:fasuln
ID: 34523321
I will use the Viewpoint software for now, but it does not give me all the info I need.

It is however a partial solution for the short term.

Thanks everyone for your help and comments
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 34662178
fasuln,
 
I have reopened your question and started the process of closing it with a split amongst two or more Experts, as that outcome seems more equitable than your original disposition.
 
modus_operandi
EE Admin
0
