Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 947
  • Last Modified:

Bandwidth Hogging

Oh gurus of Networking Know How; must one pay thousands of dollars to find the IP from which bandwidth-hogging emanates?  Surely there must be a simple mechanism for doing this.  I am unschooled in such matters but my infinite wisdom and 12 years of IT experience dictates a solution must exist for which I will not go broke!  

- I own Orion by Solar Winds - only the upgrade will do this! $$$$
- I have a small environemnt (58 users 25 other devices) with a few Cisco 2960's and have tried the CNA. So...I have busy ports.  Big whoop!.  They are the server and the Internet ports.  Must I run ID every port and its connection to a PC before I can identify the IP?
- Spiceworks I have also installed only to find out that the software cannot see beyond the GPO configured and mandated firewall for all users.

Can you sense the frustration?

I am open and humbly except ANY correction, edification or solution.

JDFuller
0
jdfuller
Asked:
jdfuller
  • 3
  • 2
  • 2
  • +1
3 Solutions
 
rrococi2Commented:
I use  colasoft in my line of work.  I do cybercrime investigations, it works very well.
0
 
cavp76Commented:
PC with Linux and 2 NICs configured as a bridge (between switch and Orion appliance), Wireshark listening on the bridge, there you'll find the hog and hang it from the b*lls
0
 
aleghartCommented:
I just login to my Sonicwall firewall.  Shows top bandwidth consumers, top website hits, top services.  That's all statistical counters.

For real-time numbers I go to the Firewall page, Connections Monitor, then sort by Rx bytes.  Shows the sender & receiver IP addresses and the bytes transferred.

Do you have something similar on your internet routers or core router?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
jdfullerAuthor Commented:
aleghart :::  I have TZ-170.  I did as you say this morning.  I exported the entire log into CSV and culled for consistent IP traffic but nothing unusual.  I haven't tried the Rx Bytes thing but will shortly.  I just took a look at what its showing and nothing

cavp76 :::  Love your solution.  Haven't the hardware presently.  Wireshark, I've heard of so will investigate.

rrococi2 ::: Never heard of colasoft.  Investigating.

Appreciate the feedback from all...I assume, other than available hardware, all these are free?  I will check it out.

JDFuller
0
 
rrococi2Commented:
COLASOFT Is a free trial....But it picks up broadcasts internally that the router may not.
0
 
jdfullerAuthor Commented:
aleghart :::  (incomplete response - sorry)  ...nothing unusual except the Barracuda back up is the biggest by far but it only operates in the evenings and only a few days aweek.

All :::  We have a 6x1 DSL (6MB Dn and 1MB Up link).  It is real.  I have sampled it with no one connected a few times and get 5.8 x .8 regularly.  During the day its between 1.5 or less Dn and .2 to .6 Up.  Understand there is traffic from users.  With no anomolies, perhaps I can consider the fact that we don't have enough bandwidth?

0
 
cavp76Commented:
The only free to get is the one I gave you (apart from HW and your time); here is how to configure a bridge in Linux (I use CentOS, and WireShark is quite easy to use... perhaps a friend of yours could help you setting up this machine.

HTH
0
 
aleghartCommented:
The Active Connections Monitor will only show...well, active connections.  So if the behavior has stopped, or if the bandwidth consumption is in aggregate, not to one specific IP address, it may not show here.

For instance, a user downloading torrents will be hitting many dozens (or hundreds) of different IP addresses over the course of a day, and for only a few minutes to each address.  So, current bandwidth to any one address is low..but they all add up.

Use the  Logs >  Reports  page.  Select the report  "Bandwidth use by IP address".

Here you can see me as the top in Active Connections, then second by IP address to our mail server.

Active Connections
 Log > Reports > IP Address

Another issue may be that your available bandwidth is decreased during working hours.  Simple to test.  Take a maintenance window of 10 minutes in the middle of the day when "the internet is slow".   Plug a laptop or other computer directly in to the TZ-170 and run the same tests.  Test bandwidth while users are connected.  Then disconnect the link between the TZ-170 and the LAN.  Test again.

Third possible issue besides users, and DSL connection, is wireless signal.  All traffic on a wireless access point is in the same collision domain.  So the bandwidth is shared among all connected users.  File sharing activity or flooding with other traffic will result in decreased performance to everyone on that link.
0
 
jdfullerAuthor Commented:
All excellent and I can't make you all wait for points while I try them out, so, Thanks for the great feeddback and quick response.  I have a great "To Do" list to work from!

JDFuller
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now