Solved

Determining What's Using Network Bandwidth

Posted on 2014-03-14
6
314 Views
Last Modified: 2014-05-06
Hello,

On our company network, I have discovered that for the past 2-3 weeks, our Internet bandwidth has been maxed out to 100% consistently between the hours of midnight and 6 am. Our ISP has provided utilization graphs which verify that to be the case.

Our building is closed, and no one on site, during those hours, and no tasks are scheduled to run during that time that would make use of Internet bandwidth.

I am obviously concerned that either there is malware on a system or one of our servers has been hijacked or something along those lines, and I need to determine what is using that bandwidth. I would appreciate any thoughts on possible causes, and also thoughts on the best method of narrowing down where the utilization is coming from.

Thanks,
Ithizar
0
Comment
Question by:Ithizar
  • 3
6 Comments
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39930407
How about Carbonite set to run at night only?  I've seen the same thing during the day with Carbonite uploads.

Upload or download maxed out?
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
ID: 39930515
On the final line going out (to the modern or router), monitor the network traffic.
Use a really old hub or a managed switch with port mirroring before going out the modem/router. Have an old pc or laptop with Wireshark running (on that hub or managed switch), and remote to it from home. You will have the ip number of the offending device in no time, as most traffic scrolling by will be originating from that device.
0
 

Author Comment

by:Ithizar
ID: 40032252
It turned out to be an entire computer lab infected with malware. We re-imaged the lab. Thanks everyone for your suggestions.
0
 

Author Comment

by:Ithizar
ID: 40041616
Found the answer.
0
 

Author Closing Comment

by:Ithizar
ID: 40045971
Wireshark did indeed help us to find the solution, though we did not have to utilize a hub in order to do so. However, since it was part of the solution, I am awarding the points.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ACS 5.4 "management" proc stuck in Restarting 2 59
integration of incident management and linking to CMDB 1 39
Router assigned IP addresses 18 88
local DNS vendor. 4 57
Read about achieving the basic levels of HRIS security in the workplace.
An article on effective troubleshooting
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question