Determining What's Using Network Bandwidth

Hello,

On our company network, I have discovered that for the past 2-3 weeks, our Internet bandwidth has been maxed out to 100% consistently between the hours of midnight and 6 am. Our ISP has provided utilization graphs which verify that to be the case.

Our building is closed, and no one on site, during those hours, and no tasks are scheduled to run during that time that would make use of Internet bandwidth.

I am obviously concerned that either there is malware on a system or one of our servers has been hijacked or something along those lines, and I need to determine what is using that bandwidth. I would appreciate any thoughts on possible causes, and also thoughts on the best method of narrowing down where the utilization is coming from.

Thanks,
Ithizar
IthizarAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Fred MarshallPrincipalCommented:
How about Carbonite set to run at night only?  I've seen the same thing during the day with Carbonite uploads.

Upload or download maxed out?
0
KimputerCommented:
On the final line going out (to the modern or router), monitor the network traffic.
Use a really old hub or a managed switch with port mirroring before going out the modem/router. Have an old pc or laptop with Wireshark running (on that hub or managed switch), and remote to it from home. You will have the ip number of the offending device in no time, as most traffic scrolling by will be originating from that device.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IthizarAuthor Commented:
It turned out to be an entire computer lab infected with malware. We re-imaged the lab. Thanks everyone for your suggestions.
0
IthizarAuthor Commented:
Found the answer.
0
IthizarAuthor Commented:
Wireshark did indeed help us to find the solution, though we did not have to utilize a hub in order to do so. However, since it was part of the solution, I am awarding the points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.