[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409
  • Last Modified:

someone on the network is taking up my internet pipe

I  have a small network that has about 15 desktops and 2 servers, unmanaged 10/100 switch, juniper ssg5 firewall and a 2.5 megabits dsl line. I use prtg to graph the snmp of the firewall. My internet occasionally get slow, its is due outbound traffic from the inside. Someone in the inside is taken up the bandwidth. I can't determine who. Is there any tool to determine who or which Ip is doing it?

thanks
0
officertango
Asked:
officertango
2 Solutions
 
OriNetworksCommented:
You can check out firewall session analyzer from http://tools.juniper.net/fsa/ as mentioned here: http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/how-to-use-SSG5-to-monitor-client-traffic/td-p/3300

This should be able to get you what you need. Being outbound traffic kind of worries me since clients generally do not have much outbound traffic unless it is a virus/malware or someone has some kind of server set up.
0
 
officertangoAuthor Commented:
I used the firewall session anlyzer, i captured that session thru putty and upload juniper site. It tells me which IP takes up how many session and etc., but it does not tell me who is consuming how much bandwidth. I know that I am wasting 400kbits outbound traffic from someone. Would etheral do the job?
0
 
kdtreshCommented:
are you using dhcp? if so, what is handling addressing? if you have the source of the traffic, you may be able to check your dhcp leases and find the hostname of the machine(s) in question.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
officertangoAuthor Commented:
We are using dhcp. I know all the ip, it's knowing which ip is doing the harm is the problem. Does etheral tell me the top  talker and what protocol being used?
0
 
pergrCommented:
I recommend you running "ntop" on a pc on the LAN, it will tell you exactly who is doing what.

Open Source, and free.
0
 
OriNetworksCommented:
I'm confused that if you know the ip the traffic is coming from, what else do you need to match it up to its source?    

ping x.x.x.x -a will resolve the DNS name of the address assuming DHCP/DNS is setup to register dns names with leases on that scope.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now