?
Solved

network analyzer

Posted on 2013-12-12
5
Medium Priority
?
343 Views
Last Modified: 2014-01-18
Hi guys,

Is there a software I can use to analyzer a network to see what is taking place per computer.

I have a suspection that someone is downloading stuff from utorrent and I would like to know.

if you guys have any tool I can use please let me know.

thanks  in advance
0
Comment
Question by:MVGtechnology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 1500 total points
ID: 39714287
Your firewall is probably the easiest place to examine for any and all traffic or internet questions. If your firewall is off commercial for business quality, you should be able to show your translation connections or open connections.  if you find a computer IP address on your internal network is establish connectionsor has many UDP streams to a variety of remote address is, you have likely found your culprit.another method involves using a packet capture software such as Wireshark. With Wireshark, you can identify conversations and decode the packet streams with a good chance Wireshark can specifically identify torrent based connections. The trick with using a capture software is to find a good  position to plug into or connect your capture interface in a spot that is exposed to all traffic. A good spot is usually again at the firewall, either right in front of it or behind.

many firewalls allow you to actually perform packet capture at the firewall for downloading and then analysis bye software like Wireshark. There are many other ways 2 make your determination, depending on your existing configuration and you're network knowledge sophistication. With further detail on what you have done and you're available resources, we can help you narrow and identify your traffic.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39714296
What is your gateway device?  Usually it's fairly easy to spot torrent users as they will be opening a lot of sessions to unfamiliar IPs.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 39714347
Wireshark works great and its free.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39714428
Wireshark is great, however you need to enable a port mirroring on your switch stack (also referred to as a SPAN port for Cisco devices.)

Microsoft Message Analyzer is also a good tool, it allows you to resemble HTTP sessions (for example), so you can actually view the web pages and images your users have downloaded.  Again, port mirroring would be required.

As mentioned above, the easiest method may be to enable logging at your firewall.  You can install a syslog server to capture activity over time for future analysis.
0
 
LVL 3

Expert Comment

by:Brian Garcia
ID: 39716070
You can also try network monitoring software based on netflow like PRTG - http://www.paessler.com/prtg and Manage Engine's Netflow Analyzer - http://www.manageengine.com/products/netflow/.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month13 days, 10 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question