Detecting P2P/torrent/heavy bandwidth users in my LAN

Hi, can you please share your best practices for detecting peer-to-peer/torrent/HTTP download users in a LAN of 40 users?

The router is a Vigor 3300, and it seems that most of the time, there are 2300 active NAT sessions in the diagnostics page.

The users are on a Windows 2003 domain network. All of them are using wired connections.

Any specific tips for Chinese users? This network is in China.

Thank you
darkbluegr Asked:
 
JohnDemerjian Commented:
If you have a budget to fix the problem, there are many ways to go. If you have no budget, one approach is to use pslist \\computer name to scan the processes running on the workstations. When you find torrent, you can remove it. Group policy can lock the systems down, but that may be too overbearing for your company. If you have a way of remotely running a command, you can run netstat >%computername%.txt and it will dump their network connections to a text file. If they have a P2P client, they will likely have 100 network connections, whereas a normal system will have a few.
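Added example, not part of the thread and not any participant's code: a Python script that reads the per-workstation netstat dumps described in the comment above (one `<computername>.txt` per PC, collected into one folder) and ranks machines by the number of distinct remote hosts they hold active TCP connections to. The threshold of 50, the function names and the sample dumps are assumptions constructed for illustration; running netstat with `-n` when collecting is also assumed, although resolved host names are parsed too.

```python
"""Rank workstations by distinct remote peers seen in their netstat dumps."""
import sys
from pathlib import Path

# Assumption: cut-off picked between "a few" and "100" connections; tune per site.
PEER_THRESHOLD = 50
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "SYN_RECEIVED"}
LOCAL_HOSTS = {"127.0.0.1", "[::1]", "localhost"}

def remote_peers(netstat_text):
    """Return the distinct remote hosts holding active TCP connections."""
    peers = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows netstat rows: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        if fields[3].upper() not in ACTIVE_STATES:
            continue  # ignore LISTENING, TIME_WAIT, CLOSE_WAIT, ...
        host = fields[2].rsplit(":", 1)[0].lower()  # strip the port or service name
        if host not in LOCAL_HOSTS:
            peers.add(host)
    return peers

def rank_hosts(dumps):
    """dumps maps computer name -> netstat text; busiest hosts come first."""
    counts = sorted(((len(remote_peers(t)), name) for name, t in dumps.items()),
                    key=lambda c: (-c[0], c[1]))
    return [(name, n, n >= PEER_THRESHOLD) for n, name in counts]

def load_dumps(folder):
    """Read every <computername>.txt collected into one folder."""
    return {p.stem: p.read_text(errors="replace") for p in Path(folder).glob("*.txt")}

def sample_dumps():
    """Constructed sample data: one quiet PC and one PC with 120 peers."""
    head = "\nActive Connections\n\n  Proto  Local Address     Foreign Address    State\n"
    quiet = head + ("  TCP    192.168.1.21:1031  192.168.1.2:445    ESTABLISHED\n"
                    "  TCP    192.168.1.21:1040  203.0.113.10:80    ESTABLISHED\n"
                    "  TCP    192.168.1.21:1041  203.0.113.10:80    TIME_WAIT\n"
                    "  TCP    127.0.0.1:1050     127.0.0.1:1051     ESTABLISHED\n"
                    "  UDP    192.168.1.21:137   *:*\n")
    busy = head + "".join(f"  TCP    192.168.1.34:{2000 + i}  198.51.100.{i}:{6881 + i}  ESTABLISHED\n"
                          for i in range(1, 121))
    return {"PC21": quiet, "PC34": busy}

if __name__ == "__main__":
    dumps = load_dumps(sys.argv[1]) if len(sys.argv) > 1 else sample_dumps()
    for name, n, flagged in rank_hosts(dumps):
        print(f"{name:15} {n:4} {'REVIEW' if flagged else ''}")
```

A flagged name is a prompt to check that machine's process list with pslist, since a high peer count alone does not identify the application.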
 
PatrickG022200 Commented:
Configure an access list in your router firewall.
 
PatrickG022200 Commented:
Sniffer: it is free and easy to use and install.

http://www.wireshark.org/download.html
 
darkbluegr (Author) Commented:
Please elaborate?
 
rickygm Commented:
You need a proxy/firewall server with a P2P layer set up, for example Linux with iptables and http://www.ipp2p.org/

Regards
 
darkbluegr (Author) Commented:
Thank you. I will look into ipp2p as well.

I have a modest budget because the problem is becoming too hard to ignore.

An access list would be hard because employees usually have to visit several different manufacturer sites to compare prices, etc.

I will try the pslist command, but it may be hard to do on 40 PCs once every hour. It will be lots of manual labor for me.

Thanks!
 
JohnDemerjian Commented:
You can't block outgoing ports as a solution to this because the P2P clients will just use port 80. You either need a packet inspecting device (firewall, web surf appliance, proxy) or find the apps on the workstations, remove them and prevent them from getting installed again.

A batch file with a list of IPs or host names plus the pslist command line wouldn't be too hard to make with a spreadsheet and text editor.
 
darkbluegr (Author) Commented:
Thank you. Are there any packet inspecting devices you could recommend for SMBs?

I will look into the batch files for the pslist solution :)

Thanks!
 
darkbluegr (Author) Commented:
We have a spare TZ170 SonicWall in case it can help...
 
JohnDemerjian Commented:
On a SonicWall I once addressed this very issue, but it may not work now as the P2P clients may all be using port 80. Back in the day, the P2P clients would only default to port 80 if they were denied their preferred port. So what I did was create a bandwidth management rule that said for all ports above (some port you pick, like 500) only allocate 1% of the bandwidth. That way, the P2P clients didn't try to change to port 80, but the quantity of bandwidth they used was insignificant. If you have or can upgrade your SonicWall to bandwidth management, this may work. But find out what apps are using the bandwidth first with pslist or some other
 
darkbluegr (Author) Commented:
Thanks, will try the SonicWall and see how it goes!

Do you know if the TZ170 can manage a 4MB fiber dedicated internet connection?

Also, if my subscription is expired, can I re-start it?
 
darkbluegr (Author) Commented:
Also, any how-to guides for ipp2p would be helpful. As a test, I can repurpose an old machine and see how it performs. Please share any helpful guides. Thanks.
Question has a verified solution.