Improve company productivity with a Business Account.Sign Up

x
?
Solved

someone on the network is taking up my internet pipe

Posted on 2011-09-26
6
Medium Priority
?
491 Views
Last Modified: 2012-06-27
I  have a small network that has about 15 desktops and 2 servers, unmanaged 10/100 switch, juniper ssg5 firewall and a 2.5 megabits dsl line. I use prtg to graph the snmp of the firewall. My internet occasionally get slow, its is due outbound traffic from the inside. Someone in the inside is taken up the bandwidth. I can't determine who. Is there any tool to determine who or which Ip is doing it?

thanks
0
Comment
Question by:officertango
6 Comments
 
LVL 17

Accepted Solution

by:
OriNetworks earned 1000 total points
ID: 36599425
You can check out firewall session analyzer from http://tools.juniper.net/fsa/ as mentioned here: http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/how-to-use-SSG5-to-monitor-client-traffic/td-p/3300

This should be able to get you what you need. Being outbound traffic kind of worries me since clients generally do not have much outbound traffic unless it is a virus/malware or someone has some kind of server set up.
0
 

Author Comment

by:officertango
ID: 36600331
I used the firewall session anlyzer, i captured that session thru putty and upload juniper site. It tells me which IP takes up how many session and etc., but it does not tell me who is consuming how much bandwidth. I know that I am wasting 400kbits outbound traffic from someone. Would etheral do the job?
0
 
LVL 6

Expert Comment

by:kdtresh
ID: 36602090
are you using dhcp? if so, what is handling addressing? if you have the source of the traffic, you may be able to check your dhcp leases and find the hostname of the machine(s) in question.
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 

Author Comment

by:officertango
ID: 36710132
We are using dhcp. I know all the ip, it's knowing which ip is doing the harm is the problem. Does etheral tell me the top  talker and what protocol being used?
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 1000 total points
ID: 37272373
I recommend you running "ntop" on a pc on the LAN, it will tell you exactly who is doing what.

Open Source, and free.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 37298048
I'm confused that if you know the ip the traffic is coming from, what else do you need to match it up to its source?    

ping x.x.x.x -a will resolve the DNS name of the address assuming DHCP/DNS is setup to register dns names with leases on that scope.
0

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, we’ll look at how to deploy ProxySQL.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question