Solved

Determining What's Using Network Bandwidth

Posted on 2014-03-14
6
318 Views
Last Modified: 2014-05-06
Hello,

On our company network, I have discovered that for the past 2-3 weeks, our Internet bandwidth has been maxed out to 100% consistently between the hours of midnight and 6 am. Our ISP has provided utilization graphs which verify that to be the case.

Our building is closed, and no one on site, during those hours, and no tasks are scheduled to run during that time that would make use of Internet bandwidth.

I am obviously concerned that either there is malware on a system or one of our servers has been hijacked or something along those lines, and I need to determine what is using that bandwidth. I would appreciate any thoughts on possible causes, and also thoughts on the best method of narrowing down where the utilization is coming from.

Thanks,
Ithizar
0
Comment
Question by:Ithizar
  • 3
6 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39930407
How about Carbonite set to run at night only?  I've seen the same thing during the day with Carbonite uploads.

Upload or download maxed out?
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
ID: 39930515
On the final line going out (to the modern or router), monitor the network traffic.
Use a really old hub or a managed switch with port mirroring before going out the modem/router. Have an old pc or laptop with Wireshark running (on that hub or managed switch), and remote to it from home. You will have the ip number of the offending device in no time, as most traffic scrolling by will be originating from that device.
0
 

Author Comment

by:Ithizar
ID: 40032252
It turned out to be an entire computer lab infected with malware. We re-imaged the lab. Thanks everyone for your suggestions.
0
 

Author Comment

by:Ithizar
ID: 40041616
Found the answer.
0
 

Author Closing Comment

by:Ithizar
ID: 40045971
Wireshark did indeed help us to find the solution, though we did not have to utilize a hub in order to do so. However, since it was part of the solution, I am awarding the points.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question