Solved

monitor bandwidth usage for specific workstation in domain

Posted on 2014-02-19
8
970 Views
Last Modified: 2014-02-20
Hello,

I would like to know what tools/ways I have to monitor a specific workstation in our domain environment for bandwidth usage, I can see in our FW that the bandwidth usage coming from this workstation is high and I would like to know which application running on his workstation is responsible for this.  I can see the list of applications remotely using tasklist from CMD but that does not provide me with the bandwidth towards the WAN.

This has to be done under the radar.
the OS: win7

Thanks.
0
Comment
Question by:iNc0g
8 Comments
 
LVL 6

Expert Comment

by:alexgreen312
Comment Utility
There is a solar winds netflow traffic analyzer, it's a 30 day free trial and pretty decent
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
Comment Utility
try TCPView, "a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."

it may give you the traffic data per process, as shown below.

TCPView v3.05
FYI - TCPView v3.05
http://technet.microsoft.com/en-au/sysinternals/bb897437.aspx
0
 

Author Comment

by:iNc0g
Comment Utility
Regarding TCPView - I need a way to monitor an end-user workstation without his knowledge so I can really detect whether he's "abusing" the bandwidth, can this app run remotely? it doesn't seem so.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
YES, you can. you need to use the console version of TCPView (tcpvcon.exe) and PsExec together.

FYI - PsExec v2.0
http://technet.microsoft.com/en-au/sysinternals/bb897553.aspx
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:iNc0g
Comment Utility
I see, so you mean copying the tcpvcon.exe to the remote workstation and open it using psexec, correct ?
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
yes.

don't forget to check PSEXEC's help for correct command line parameters to be used for calling TCPVCON.EXE.
0
 
LVL 3

Expert Comment

by:Mintar
Comment Utility
To monitor without his acknowledge, you need to check another passive network monitoring programs.
A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

Programs you can try:
1. WFilter Free  http://www.imfirewall.us/wfilterfree.htm

2. Wireshark http://www.wireshark.org
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
> To monitor without his acknowledge, you need to check another passive network monitoring programs. A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

that way can't provide per application / process traffic statistics, only per protocol or port traffic can be counted. it also needs additional hardware including network switch and computer (physical or virtual machine).
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now