monitor bandwidth usage for specific workstation in domain

Hello,

I would like to know what tools/ways I have to monitor a specific workstation in our domain environment for bandwidth usage. I can see in our FW that the bandwidth usage coming from this workstation is high, and I would like to know which application running on his workstation is responsible for this. I can see the list of applications remotely using tasklist from CMD, but that does not provide me with the bandwidth towards the WAN.

This has to be done under the radar.
The OS: Win7

Thanks.
Asked by: iNc0g

Alex Green (3rd Line Server Support) commented:
There is the SolarWinds NetFlow Traffic Analyzer; it's a 30-day free trial and pretty decent.
 
bbao (IT Consultant) commented:
Try TCPView, "a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."

It may give you the traffic data per process, as shown below.

FYI - TCPView v3.05
http://technet.microsoft.com/en-au/sysinternals/bb897437.aspx
 
iNc0g (Author) commented:
Regarding TCPView - I need a way to monitor an end-user workstation without his knowledge so I can really detect whether he's "abusing" the bandwidth. Can this app run remotely? It doesn't seem so.
 
bbao (IT Consultant) commented:
YES, you can. You need to use the console version of TCPView (tcpvcon.exe) and PsExec together.

FYI - PsExec v2.0
http://technet.microsoft.com/en-au/sysinternals/bb897553.aspx
 
iNc0g (Author) commented:
I see, so you mean copying tcpvcon.exe to the remote workstation and opening it using PsExec, correct?
 
bbao (IT Consultant) commented:
Yes.

Don't forget to check PsExec's help for the correct command line parameters to be used for calling TCPVCON.EXE.
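
Added example, not part of the thread or any poster's own code: once tcpvcon output has been captured from the workstation, this sketch groups established TCP connections to non-internal addresses by process. It assumes the CSV column order shown in the comment (verify against your tcpvcon version), uses constructed sample rows and process names, and counts connections rather than bytes.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample of `tcpvcon -c -n` output. Assumed column order:
# protocol, process, PID, state, local endpoint, remote endpoint.
SAMPLE = """\
TCP,chrome.exe,4120,ESTABLISHED,192.168.10.25:50112,203.0.113.40:443
TCP,chrome.exe,4120,ESTABLISHED,192.168.10.25:50113,203.0.113.41:443
TCP,uploader.exe,5310,ESTABLISHED,192.168.10.25:50200,198.51.100.7:8080
TCP,uploader.exe,5310,ESTABLISHED,192.168.10.25:50201,198.51.100.7:8080
TCP,uploader.exe,5310,ESTABLISHED,192.168.10.25:50202,198.51.100.7:8080
TCP,outlook.exe,2288,ESTABLISHED,192.168.10.25:49800,192.168.10.5:445
TCP,svchost.exe,892,LISTENING,0.0.0.0:135,0.0.0.0:0
UDP,svchost.exe,1044,*,0.0.0.0:123,*:*
"""

# Address ranges treated as internal (assumption: adjust to your own LAN).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10")]

def wan_connections(tcpvcon_csv):
    """Return {(process, pid): {remote_ip: count}} for ESTABLISHED TCP
    connections whose remote address lies outside INTERNAL."""
    result = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(tcpvcon_csv.splitlines()):
        if len(row) < 6 or not row[0].upper().startswith("TCP"):
            continue
        if row[3] != "ESTABLISHED":
            continue
        host = row[5].rsplit(":", 1)[0].strip("[]")
        try:
            addr = ipaddress.ip_address(host)
            pid = int(row[2])
        except ValueError:
            continue  # resolved hostname, wildcard or odd PID field: skip
        if any(addr in net for net in INTERNAL):
            continue
        result[(row[1], pid)][str(addr)] += 1
    return {key: dict(remotes) for key, remotes in result.items()}

def rank(conns):
    """Processes ordered by number of WAN connections, busiest first."""
    return sorted(((sum(r.values()), proc, pid)
                   for (proc, pid), r in conns.items()), reverse=True)

if __name__ == "__main__":
    for count, proc, pid in rank(wan_connections(SAMPLE)):
        print(f"{count:3d}  {proc} (PID {pid})")
```

Repeating the capture at intervals and comparing the rankings shows which process keeps long-lived or numerous WAN connections, which can then be correlated with the firewall's byte counters for the same remote addresses.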
 
Mintar commented:
To monitor without his knowledge, you need to check other passive network monitoring programs.
A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

Programs you can try:
1. WFilter Free  http://www.imfirewall.us/wfilterfree.htm

2. Wireshark http://www.wireshark.org
 
bbao (IT Consultant) commented:
> To monitor without his knowledge, you need to check other passive network monitoring programs. A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

That way can't provide per-application/process traffic statistics; only per-protocol or per-port traffic can be counted. It also needs additional hardware, including a network switch and a computer (physical or virtual machine).