Solved

I'm looking for a program which tracks data usage.

Posted on 2012-03-25
Last Modified: 2012-05-06
A network of 4 PCs, including a file server, has recently had issues with maxing out their ISP's internet cap. Even after 'upping' to a current package almost 10x in size, they are still finding they're having problems (in fact, the phantom usage seems to have increased to accommodate the increase in cap - that's stumped me entirely!). Wi-Fi security has been checked and updated, but this has made no change.

Multiple MBAM & NOD32 scans have been run on all systems, on a few different days - nothing found. Zemana antilogger has been placed onto the (file) server, but nothing has been picked up as yet.

Still, the increased traffic appears, even when only one user is there (and he's the business owner, and has told me exactly what he is running).

Any ideas on (free) tracking software which I can install on each system which would allow me to at very least isolate which PC/s contain the software causing the problem (as I suspect it is some sort of malicious software on the given PC/s which we haven't yet detected but which is causing these problems)?
Question by:Servant-Leggie
11 Comments
 
LVL 1

Expert Comment

by:Burns1978
ID: 37763852
I suggest increasing outgoing network security by enabling
security rules in your router. Most routers allow you to make an access control list (ACL).
In addition, you must log the packets that are rejected by your firewall.
That way, you will find which device is spamming your ISP...
Common ports to enable are:
TCP 80, 443, 25
UDP 53
Block and log everything else.

The other approach is packet sniffing.
You can download the Wireshark software and sniff the packet flow
between your LAN switch and your router.


Good luck
0
 

Author Comment

by:Servant-Leggie
ID: 37769225
Burns1978, I'm not sure that the Optus wireless VoIP modem installed has these options - I can check. I did drop in to set up Wireshark on all their PCs, but had some issues regarding an 'Out of Memory' error - seems to have been resolved by deactivating the real-time display and setting it up to store multiple files once certain size thresholds are met.
0
 

Author Comment

by:Servant-Leggie
ID: 37799090
Burns1978, thanks, I made the adjustments to the VoIP modem (IAD), but no change was seen. The issue definitely appears to be from the Server because we were finally able to turn it off and the usage has gone back to normal. Now, all I need to do is trawl through GBs of Wireshark data.

Any idea what I'm looking for - haven't used Wireshark before?
0
 
LVL 10

Expert Comment

by:pand0ra_usa
ID: 37803257
Start with the DNS. Look for the most common IP. Check protocols used (FTP, HTTP, torrent, etc). Look for anything fishy.

I'm wondering if someone has hijacked the server and is using it as a Warez server.
0
 

Author Comment

by:Servant-Leggie
ID: 37835297
pand0ra_usa, warez server?
0
 
LVL 10

Expert Comment

by:pand0ra_usa
ID: 37835980
Warez is a term for pirated software, porn and malware infected files.
0
 

Author Comment

by:Servant-Leggie
ID: 37840507
pand0ra_usa, I suppose that could account for the higher than usual traffic! I'll see if there's anything strange on the Wireshark logs, but I hope I am able to pick up whatever fishy activity is going on! I'll keep you posted (it will probably be a few days until I can get back to you on this - sorry).
0
 
LVL 10

Accepted Solution

by:
pand0ra_usa earned 500 total points
ID: 37840971
So, using Wireshark, capture everything, then start by setting up some display filters. Actually, start by sorting by protocol first. See which protocol you have the most of (HTTP, FTP, SSH, etc). Then maybe start reassembling some of the packets to get an idea of what files are going out. Pay attention to any image files (gif, jpg, bmp, etc), executables (.exe), and audio/video files (.mp3, .mp4, .mov, etc).

Can you tell us the amount of bandwidth that is being used? 10GB? 100GB? And the rate (per hour, per day, etc).
0
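The triage suggested in this thread (find the most common IP, then see which protocol carries the most traffic), as an added example that is not part of the original posts: it totals the bytes a given host sends, per protocol/destination port and per remote address, straight from a capture file. It assumes captures saved in classic little-endian pcap format with Ethernet framing; the function name, the addresses and the sample records are constructed for illustration.

```python
import socket, struct
from collections import Counter

def upload_by_service_and_remote(pcap, local_ip):
    """Sum on-the-wire bytes sent by local_ip, per protocol/dest port and per remote IP."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected an Ethernet (link type 1) capture")
    by_service, by_remote, off = Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        if socket.inet_ntoa(frame[26:30]) != local_ip:
            continue  # count only traffic leaving the suspect host
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        name = {6: "tcp", 17: "udp"}.get(proto, "ip-proto-%d" % proto)
        if proto in (6, 17) and len(frame) >= l4 + 4:
            name += "/%d" % struct.unpack_from("!H", frame, l4 + 2)[0]
        by_service[name] += orig_len  # orig_len = size on the wire, even if snaplen cut it
        by_remote[socket.inet_ntoa(frame[30:34])] += orig_len
    return by_service.most_common(), by_remote.most_common()

def _record(src, dst, proto, dport, wire_len):
    """Constructed pcap record holding only Ethernet, IPv4 and port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    data = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", 49152, dport)
    return struct.pack("<IIII", 0, 0, len(data), wire_len) + data

# Constructed sample: 192.168.1.10 stands in for the file server;
# the remote addresses come from documentation ranges.
SERVER = "192.168.1.10"
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    [_record(SERVER, "203.0.113.7", 6, 6881, 1514)] * 3
    + [_record(SERVER, "198.51.100.20", 6, 80, 600),
       _record(SERVER, "192.168.1.1", 17, 53, 80),
       _record("203.0.113.7", SERVER, 6, 49152, 1514)])  # inbound, ignored

if __name__ == "__main__":
    services, remotes = upload_by_service_and_remote(SAMPLE, SERVER)
    print("by service:", services)
    print("by remote: ", remotes)
```

Run it over each capture file with the server's LAN address; the service and remote IP at the top of each list are the ones to build the first Wireshark display filter around.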
 

Author Comment

by:Servant-Leggie
ID: 37841220
Thanks, pand0ra_usa, you seem to have picked up the tone of my feeling as though syphoning through Wireshark data files was more than a little daunting, especially given the gigabytes of them. I appreciate the tips!

We'd be talking about anywhere from 1-5GB per day, sometimes more.

I'll set up those filters and get back to you ASAP on the results.
0
 

Author Closing Comment

by:Servant-Leggie
ID: 37935428
This information was helpful and allowed us to isolate unauthorised traffic.
0
