Detecting p2p/torrent/heavy bandwidth users in my LAN

Hi, can you please share your best practices for detecting peer-to-peer / torrent / HTTP download users in a LAN of 40 users?

The router is a Vigor 3300, and it seems that most of the time, there are 2300 active NAT sessions in the diagnostics page.

The users are on a Windows 2003 domain network. All of them are using wired connections.

Any specific tips for Chinese users? This network is in China.

Thank you
darkbluegr Asked:

PatrickG022200 Commented:
Configure an access list in your router firewall.
0
PatrickG022200 Commented:
Sniffer: it is free and easy to use and install.

http://www.wireshark.org/download.html
0
darkbluegr Author Commented:
Please elaborate?
0

rickygm Commented:
You need a proxy/firewall server with p2p layer setup, for example Linux with iptables and http://www.ipp2p.org/

Regards
0
JohnDemerjian Commented:
If you have a budget to fix the problem there are many ways to go. If you have no budget, one approach is to use pslist \\computer name to scan the processes running on the workstations. When you find torrent you can remove it. Group policy can lock the systems down but that may be too overbearing for your company. If you have a way of remotely running a command you can run netstat >%computername%.txt and it will dump their network connections to a text file. If they have a p2p client they will likely have 100 network connections whereas a normal system will have a few.
0
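The netstat comparison described in the comment above, as an added example that is not part of the original thread: it reads the per-computer netstat dumps and flags hosts with an unusually large number of distinct remote peers. The threshold of 50, the function names and the sample dumps are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed cut-off: the thread only says a p2p host shows ~100 connections
# and a normal one "a few"; 50 is an illustrative midpoint, tune it per LAN.
PEER_THRESHOLD = 50

def parse_netstat(text):
    """Yield (proto, remote_host, remote_port, state) from Windows netstat text."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        host, _, port = fields[2].rpartition(":")
        if host in ("", "*", "0.0.0.0", "[::]"):
            continue  # listening/unconnected socket, no remote peer
        yield fields[0], host, port, state

def summarise(text):
    """Count non-listening TCP connections, distinct peers and top remote ports."""
    conns = [c for c in parse_netstat(text) if c[0] == "TCP" and c[3] != "LISTENING"]
    ports = Counter(port for _, _, port, _ in conns)
    return {"connections": len(conns),
            "peers": len({host for _, host, _, _ in conns}),
            "top_ports": ports.most_common(3)}

def flag_hosts(dumps, threshold=PEER_THRESHOLD):
    """dumps: computer name -> netstat text. Return flagged names, busiest first."""
    stats = {name: summarise(text) for name, text in dumps.items()}
    flagged = [n for n in stats if stats[n]["peers"] >= threshold]
    return sorted(flagged, key=lambda n: stats[n]["peers"], reverse=True)

# Constructed sample dumps (documentation IP ranges), standing in for the
# %computername%.txt files collected from each workstation.
HEADER = "\nActive Connections\n\n  Proto  Local Address      Foreign Address    State\n"

def _sample(local_ip, remotes):
    rows = ["  TCP    %s:%d    %s:%d    ESTABLISHED" % (local_ip, 1025 + i, ip, port)
            for i, (ip, port) in enumerate(remotes)]
    return HEADER + "\n".join(rows) + "\n  UDP    0.0.0.0:445    *:*\n"

SAMPLE_DUMPS = {
    "PC01": _sample("192.168.1.21", [("192.168.1.2", 445), ("192.0.2.10", 80), ("192.0.2.10", 80)]),
    "PC02": _sample("192.168.1.22", [("203.0.113.%d" % i, 20000 + i) for i in range(1, 121)]),
}

if __name__ == "__main__":
    for name, text in sorted(SAMPLE_DUMPS.items()):
        print(name, summarise(text))
    print("flagged:", flag_hosts(SAMPLE_DUMPS))
```

Collecting the dumps with netstat -n keeps addresses and ports numeric, so the peer count does not depend on name resolution.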

darkbluegr Author Commented:
Thank you. Will look into ipp2p as well.

I have a modest budget because the problem is becoming too hard to ignore.

Access list would be hard because usually employees have to visit several different manufacturer sites to compare prices, etc.

I will try the pslist command but it may be hard to do on 40 PCs once every hour. Will be lots of manual labor for me.

Thanks!
0
JohnDemerjian Commented:
You can't block outgoing ports as a solution to this because the p2p clients will just use port 80. You either need a packet inspecting device (firewall, web surf appliance, proxy) or find the apps on the workstations, remove them and prevent them from getting installed again.

A batch file with a list of IPs or host names plus the pslist command line wouldn't be too hard to make with a spreadsheet and text editor.
0
darkbluegr Author Commented:
Thank you, are there any packet inspecting devices you could recommend for SMBs?

I will look into the batch files for the pslist solution :)

Thanks!
0
darkbluegr Author Commented:
We have a spare TZ170 SonicWall in case it can help...
0
JohnDemerjian Commented:
On a SonicWall I once addressed this very issue but it may not work now as the p2p clients may all be using port 80. Back in the day, the P2P clients would only default to port 80 if they were denied their preferred port. So what I did was create a bandwidth management rule that said for all ports above (some port you pick like 500) only allocate 1% of the bandwidth. That way, the p2p clients didn't try to change to port 80 but the quantity of bandwidth they used was insignificant. If you have or can upgrade your SonicWall to bandwidth management, this may work. But find out what apps are using the bandwidth first with pslist or some other
0
darkbluegr Author Commented:
Thanks, will try the SonicWall and see how it goes!

Do you know if the TZ170 can manage a 4MB fiber dedicated internet connection?

Also, if my subscription is expired can I re-start it?
0
darkbluegr Author Commented:
Also, any how-to guides with ipp2p would be helpful. As a test, I can repurpose an old machine and see how it performs. Please share any helpful guides. Thanks
0