Solved

Determining What's Using Network Bandwidth

Posted on 2014-03-14
321 Views
Last Modified: 2014-05-06
Hello,

On our company network, I have discovered that for the past 2-3 weeks, our Internet bandwidth has been maxed out to 100% consistently between the hours of midnight and 6 am. Our ISP has provided utilization graphs which verify that to be the case.

Our building is closed, and no one on site, during those hours, and no tasks are scheduled to run during that time that would make use of Internet bandwidth.

I am obviously concerned that either there is malware on a system or one of our servers has been hijacked or something along those lines, and I need to determine what is using that bandwidth. I would appreciate any thoughts on possible causes, and also thoughts on the best method of narrowing down where the utilization is coming from.

Thanks,
Ithizar
0
Comment
Question by:Ithizar
6 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39930407
How about Carbonite set to run at night only?  I've seen the same thing during the day with Carbonite uploads.

Upload or download maxed out?
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 500 total points
ID: 39930515
On the final line going out (to the modem or router), monitor the network traffic.
Use a really old hub or a managed switch with port mirroring before going out the modem/router. Have an old PC or laptop with Wireshark running (on that hub or managed switch), and remote to it from home. You will have the IP number of the offending device in no time, as most traffic scrolling by will be originating from that device.
0
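
Added example, not part of the original thread: a minimal top-talker report over a capture taken at the mirrored uplink port, summing outbound bytes per internal source address during the overnight window. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 frames, timestamps read as UTC, and a `192.168.0.0/16` LAN; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter
from datetime import datetime, timezone

def top_talkers(pcap, start_hour=0, end_hour=6, lan="192.168.0.0/16"):
    """Wire bytes sent per LAN source IP during [start_hour, end_hour) UTC."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    lan_net, totals, off = ipaddress.ip_network(lan), Counter(), 24
    while off + 16 <= len(pcap):
        ts, _usec, incl, wire = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        hour = datetime.fromtimestamp(ts, timezone.utc).hour
        if not start_hour <= hour < end_hour:
            continue                      # outside the overnight window
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 (VLAN-tagged frames are skipped)
        src = ipaddress.ip_address(frame[26:30])
        if src in lan_net:                # count outbound traffic only
            totals[str(src)] += wire      # original length, even if truncated by snaplen
    return totals.most_common()

def build_sample():
    """Constructed capture: headers only (34-byte snaplen), addresses are made up."""
    def pkt(ts, src, dst, wire):
        ip = b"\x45" + bytes(11) + ipaddress.ip_address(src).packed \
             + ipaddress.ip_address(dst).packed
        frame = bytes(12) + b"\x08\x00" + ip
        return struct.pack("<IIII", ts, 0, len(frame), wire) + frame
    night = int(datetime(2014, 3, 10, 2, 0, tzinfo=timezone.utc).timestamp())
    day = night + 12 * 3600
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 34, 1)
    out += pkt(night, "192.168.1.57", "203.0.113.10", 1500) * 40   # heavy uploader
    out += pkt(night, "203.0.113.10", "192.168.1.57", 60) * 40     # inbound ACKs
    out += pkt(night, "192.168.1.20", "198.51.100.5", 400) * 3     # light host
    out += pkt(day, "192.168.1.20", "198.51.100.5", 1500) * 100    # daytime, ignored
    return out

if __name__ == "__main__":
    for ip, nbytes in top_talkers(build_sample()):
        print(f"{ip:15}  {nbytes:>10} bytes")
```

To run it on a real capture, pass the file's bytes to `top_talkers()` and adjust `lan` and the hour window to the site's addressing and time zone; a capture saved as pcapng must first be re-saved in pcap format.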
 

Author Comment

by:Ithizar
ID: 40032252
It turned out to be an entire computer lab infected with malware. We re-imaged the lab. Thanks everyone for your suggestions.
0
 

Author Comment

by:Ithizar
ID: 40041616
Found the answer.
0
 

Author Closing Comment

by:Ithizar
ID: 40045971
Wireshark did indeed help us to find the solution, though we did not have to utilize a hub in order to do so. However, since it was part of the solution, I am awarding the points.
0


Question has a verified solution.
