Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Determining What's Using Network Bandwidth

Posted on 2014-03-14
6
Medium Priority
?
324 Views
Last Modified: 2014-05-06
Hello,

On our company network, I have discovered that for the past 2-3 weeks, our Internet bandwidth has been maxed out to 100% consistently between the hours of midnight and 6 am. Our ISP has provided utilization graphs which verify that to be the case.

Our building is closed, and no one on site, during those hours, and no tasks are scheduled to run during that time that would make use of Internet bandwidth.

I am obviously concerned that either there is malware on a system or one of our servers has been hijacked or something along those lines, and I need to determine what is using that bandwidth. I would appreciate any thoughts on possible causes, and also thoughts on the best method of narrowing down where the utilization is coming from.

Thanks,
Ithizar
0
Comment
Question by:Ithizar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
6 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39930407
How about Carbonite set to run at night only?  I've seen the same thing during the day with Carbonite uploads.

Upload or download maxed out?
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 1500 total points
ID: 39930515
On the final line going out (to the modern or router), monitor the network traffic.
Use a really old hub or a managed switch with port mirroring before going out the modem/router. Have an old pc or laptop with Wireshark running (on that hub or managed switch), and remote to it from home. You will have the ip number of the offending device in no time, as most traffic scrolling by will be originating from that device.
0
 

Author Comment

by:Ithizar
ID: 40032252
It turned out to be an entire computer lab infected with malware. We re-imaged the lab. Thanks everyone for your suggestions.
0
 

Author Comment

by:Ithizar
ID: 40041616
Found the answer.
0
 

Author Closing Comment

by:Ithizar
ID: 40045971
Wireshark did indeed help us to find the solution, though we did not have to utilize a hub in order to do so. However, since it was part of the solution, I am awarding the points.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question