• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 493
  • Last Modified:

someone on the network is taking up my internet pipe

I  have a small network that has about 15 desktops and 2 servers, unmanaged 10/100 switch, juniper ssg5 firewall and a 2.5 megabits dsl line. I use prtg to graph the snmp of the firewall. My internet occasionally get slow, its is due outbound traffic from the inside. Someone in the inside is taken up the bandwidth. I can't determine who. Is there any tool to determine who or which Ip is doing it?

thanks
0
officertango
Asked:
officertango
2 Solutions
 
OriNetworksCommented:
You can check out firewall session analyzer from http://tools.juniper.net/fsa/ as mentioned here: http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/how-to-use-SSG5-to-monitor-client-traffic/td-p/3300

This should be able to get you what you need. Being outbound traffic kind of worries me since clients generally do not have much outbound traffic unless it is a virus/malware or someone has some kind of server set up.
0
 
officertangoAuthor Commented:
I used the firewall session anlyzer, i captured that session thru putty and upload juniper site. It tells me which IP takes up how many session and etc., but it does not tell me who is consuming how much bandwidth. I know that I am wasting 400kbits outbound traffic from someone. Would etheral do the job?
0
 
kdtreshCommented:
are you using dhcp? if so, what is handling addressing? if you have the source of the traffic, you may be able to check your dhcp leases and find the hostname of the machine(s) in question.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
officertangoAuthor Commented:
We are using dhcp. I know all the ip, it's knowing which ip is doing the harm is the problem. Does etheral tell me the top  talker and what protocol being used?
0
 
pergrCommented:
I recommend you running "ntop" on a pc on the LAN, it will tell you exactly who is doing what.

Open Source, and free.
0
 
OriNetworksCommented:
I'm confused that if you know the ip the traffic is coming from, what else do you need to match it up to its source?    

ping x.x.x.x -a will resolve the DNS name of the address assuming DHCP/DNS is setup to register dns names with leases on that scope.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Tackle projects and never again get stuck behind a technical roadblock.
Join Now