Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

someone on the network is taking up my internet pipe

Posted on 2011-09-26
6
Medium Priority
?
408 Views
Last Modified: 2012-06-27
I  have a small network that has about 15 desktops and 2 servers, unmanaged 10/100 switch, juniper ssg5 firewall and a 2.5 megabits dsl line. I use prtg to graph the snmp of the firewall. My internet occasionally get slow, its is due outbound traffic from the inside. Someone in the inside is taken up the bandwidth. I can't determine who. Is there any tool to determine who or which Ip is doing it?

thanks
0
Comment
Question by:officertango
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 17

Accepted Solution

by:
OriNetworks earned 1000 total points
ID: 36599425
You can check out firewall session analyzer from http://tools.juniper.net/fsa/ as mentioned here: http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/how-to-use-SSG5-to-monitor-client-traffic/td-p/3300

This should be able to get you what you need. Being outbound traffic kind of worries me since clients generally do not have much outbound traffic unless it is a virus/malware or someone has some kind of server set up.
0
 

Author Comment

by:officertango
ID: 36600331
I used the firewall session anlyzer, i captured that session thru putty and upload juniper site. It tells me which IP takes up how many session and etc., but it does not tell me who is consuming how much bandwidth. I know that I am wasting 400kbits outbound traffic from someone. Would etheral do the job?
0
 
LVL 6

Expert Comment

by:kdtresh
ID: 36602090
are you using dhcp? if so, what is handling addressing? if you have the source of the traffic, you may be able to check your dhcp leases and find the hostname of the machine(s) in question.
0
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

 

Author Comment

by:officertango
ID: 36710132
We are using dhcp. I know all the ip, it's knowing which ip is doing the harm is the problem. Does etheral tell me the top  talker and what protocol being used?
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 1000 total points
ID: 37272373
I recommend you running "ntop" on a pc on the LAN, it will tell you exactly who is doing what.

Open Source, and free.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 37298048
I'm confused that if you know the ip the traffic is coming from, what else do you need to match it up to its source?    

ping x.x.x.x -a will resolve the DNS name of the address assuming DHCP/DNS is setup to register dns names with leases on that scope.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question