Solved

Bandwidth Hogging

Posted on 2011-03-17
9
854 Views
Last Modified: 2012-05-11
Oh gurus of Networking Know How; must one pay thousands of dollars to find the IP from which bandwidth-hogging emanates?  Surely there must be a simple mechanism for doing this.  I am unschooled in such matters but my infinite wisdom and 12 years of IT experience dictates a solution must exist for which I will not go broke!  

- I own Orion by Solar Winds - only the upgrade will do this! $$$$
- I have a small environment (58 users 25 other devices) with a few Cisco 2960's and have tried the CNA. So...I have busy ports.  Big whoop!  They are the server and the Internet ports.  Must I run ID every port and its connection to a PC before I can identify the IP?
- Spiceworks I have also installed only to find out that the software cannot see beyond the GPO configured and mandated firewall for all users.

Can you sense the frustration?

I am open and humbly accept ANY correction, edification or solution.

JDFuller
0
Comment
Question by:jdfuller
9 Comments
 
LVL 2

Accepted Solution

by:
rrococi2 earned 167 total points
ID: 35160813
I use colasoft in my line of work.  I do cybercrime investigations, it works very well.
0
 
LVL 4

Assisted Solution

by:cavp76
cavp76 earned 167 total points
ID: 35160860
PC with Linux and 2 NICs configured as a bridge (between switch and Orion appliance), Wireshark listening on the bridge, there you'll find the hog and hang it from the b*lls
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 166 total points
ID: 35160919
I just login to my Sonicwall firewall.  Shows top bandwidth consumers, top website hits, top services.  That's all statistical counters.

For real-time numbers I go to the Firewall page, Connections Monitor, then sort by Rx bytes.  Shows the sender & receiver IP addresses and the bytes transferred.

Do you have something similar on your internet routers or core router?
0
 

Author Comment

by:jdfuller
ID: 35161062
aleghart :::  I have TZ-170.  I did as you say this morning.  I exported the entire log into CSV and culled for consistent IP traffic but nothing unusual.  I haven't tried the Rx Bytes thing but will shortly.  I just took a look at what it's showing and nothing

cavp76 :::  Love your solution.  Haven't the hardware presently.  Wireshark, I've heard of so will investigate.

rrococi2 ::: Never heard of colasoft.  Investigating.

Appreciate the feedback from all...I assume, other than available hardware, all these are free?  I will check it out.

JDFuller
0
 
LVL 2

Expert Comment

by:rrococi2
ID: 35161076
COLASOFT is a free trial... But it picks up broadcasts internally that the router may not.
0
 

Author Comment

by:jdfuller
ID: 35161108
aleghart :::  (incomplete response - sorry)  ...nothing unusual except the Barracuda backup is the biggest by far but it only operates in the evenings and only a few days a week.

All :::  We have a 6x1 DSL (6MB Dn and 1MB Up link).  It is real.  I have sampled it with no one connected a few times and get 5.8 x .8 regularly.  During the day it's between 1.5 or less Dn and .2 to .6 Up.  Understand there is traffic from users.  With no anomalies, perhaps I can consider the fact that we don't have enough bandwidth?

0
 
LVL 4

Expert Comment

by:cavp76
ID: 35161124
The only free to get is the one I gave you (apart from HW and your time); here is how to configure a bridge in Linux (I use CentOS, and WireShark is quite easy to use)... perhaps a friend of yours could help you set up this machine.

HTH
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35161413
The Active Connections Monitor will only show...well, active connections.  So if the behavior has stopped, or if the bandwidth consumption is in aggregate, not to one specific IP address, it may not show here.

For instance, a user downloading torrents will be hitting many dozens (or hundreds) of different IP addresses over the course of a day, and for only a few minutes to each address.  So, current bandwidth to any one address is low..but they all add up.

Use the Logs > Reports page.  Select the report "Bandwidth use by IP address".

Here you can see me as the top in Active Connections, then second by IP address to our mail server.

[Screenshots: Active Connections; Log > Reports > IP Address]

Another issue may be that your available bandwidth is decreased during working hours.  Simple to test.  Take a maintenance window of 10 minutes in the middle of the day when "the internet is slow".   Plug a laptop or other computer directly in to the TZ-170 and run the same tests.  Test bandwidth while users are connected.  Then disconnect the link between the TZ-170 and the LAN.  Test again.

Third possible issue besides users, and DSL connection, is wireless signal.  All traffic on a wireless access point is in the same collision domain.  So the bandwidth is shared among all connected users.  File sharing activity or flooding with other traffic will result in decreased performance to everyone on that link.
0
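The point made in the answer above (many short flows to different addresses add up, even though no single connection looks large), shown as an added example that is not part of the original thread. It aggregates a connection export per source host; the CSV column names and all rows are constructed for illustration and are not the SonicWall export format.

```python
import csv
import io
from collections import defaultdict

def build_sample_csv():
    """Constructed data: one host with a single large transfer, one host
    with many small transfers to different peers, one light user."""
    lines = ["src_ip,dst_ip,rx_bytes,tx_bytes"]  # assumed column names
    lines.append("192.168.1.10,203.0.113.5,900000,40000")
    for i in range(1, 13):  # 12 peers, one small flow each
        lines.append(f"192.168.1.22,198.51.100.{i},100000,50000")
    lines.append("192.168.1.31,203.0.113.9,60000,5000")
    return "\n".join(lines) + "\n"

def load_rows(text):
    """Parse the export into (src, dst, total_bytes) tuples."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        try:
            total = int(rec["rx_bytes"]) + int(rec["tx_bytes"])
            rows.append((rec["src_ip"], rec["dst_ip"], total))
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated export lines
    return rows

def top_connection(rows):
    """What sorting the connection list by bytes surfaces."""
    return max(rows, key=lambda r: r[2])

def usage_by_host(rows):
    """Total bytes and distinct peer count per LAN source address."""
    totals, peers = defaultdict(int), defaultdict(set)
    for src, dst, total in rows:
        totals[src] += total
        peers[src].add(dst)
    ranked = sorted(totals, key=totals.get, reverse=True)
    return [(h, totals[h], len(peers[h])) for h in ranked]

if __name__ == "__main__":
    rows = load_rows(build_sample_csv())
    print("largest single connection:", top_connection(rows))
    for host, total, n_peers in usage_by_host(rows):
        print(f"{host:15} {total:>9} bytes  {n_peers} peers")
```

In the constructed data the largest single connection belongs to 192.168.1.10, while the per-host totals put 192.168.1.22 first with twelve distinct peers.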
 

Author Closing Comment

by:jdfuller
ID: 35161506
All excellent and I can't make you all wait for points while I try them out, so, Thanks for the great feedback and quick response.  I have a great "To Do" list to work from!

JDFuller
0
