View network traffice

I have several SMB networks with basic layout of

ISP (Modem) --- SonicWALL -- Switch -- Clients

Some of the sites I do not have access to the SonicWALL's, is there a hardware device that I can plug into the switch to see which computer is using the most bandwidth? I have seen a few network taps, but I do not know enough about them to find what I am look for.

I would like to be able to plug a device into the switch and have it port to my computer or create a graphic pie chart that tells me the host names, IP's of the computers that are running traffic across the line.

Or if there is a some software I can install on my laptop and then I plug into the switch that would work as well.

Thanks!
LVL 5
JasonDuncanworksAsked:
Who is Participating?
 
KimputerCommented:
Yes, if your switch clearly states it supports port mirroring, enable it for the port with your customer switch, and the port for your laptop (in your picture, the second and third port, counting from left right down)
Actually, if you can also enable it for the first and third port (firewall/laptop), will have the same result.
0
 
Lee IngallsDirector of IT/TS, Quality and FinanceCommented:
Your Sonicwall should show bandwidth usage by client... see attached.
Depending on the model you can see in the Log section under reports - bandwidth usages by IP address.
sonicwall.pdf
0
 
JasonDuncanworksAuthor Commented:
Thank you for that, but there are several sites that I cannot access the SW and that is why I need a separate device. Something I can almost monitor in real time.
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
Lee IngallsDirector of IT/TS, Quality and FinanceCommented:
Do you have a VPN or RDP/TS connection to the remote sites?
0
 
JasonDuncanworksAuthor Commented:
No vpn but I can get access to a machine on the LAN.
0
 
Lee IngallsDirector of IT/TS, Quality and FinanceCommented:
but I can get access to a machine on the LAN.
Sorry, I'm not trying to be difficult... Does this network belong to you/yours to admin?
ISP (Modem) --- SonicWALL -- Switch -- Clients
If you have access to a computer on the LAN... wouldn't you then have access to that sites Sonicwall?
0
 
JasonDuncanworksAuthor Commented:
For these few site, the software vendor has control over the SW. Its a tractor place and they have to vpn in to the vendor site. I ask for access to it, but they tell the customers if I log in to it, they take no responsibility and will not support them if an issue arises now or in the future.

Even if I had access to the SW, there are several other site I have that use home based routers for there business. I am just looking for an easier way to track down potential bandwidth hogs.
0
 
Lee IngallsDirector of IT/TS, Quality and FinanceCommented:
I use Wireshark in addition to the SonicWall tools.
http://www.wireshark.org/download.html

Select an interface and start a capture...
Select Statistics - Conversations - IPv4 or IPv6...
Sort by Bytes

You need a NIC that supports promiscuous mode. Full network traffic capture can be tricky with Wireshark.

Another free option is Nirsoft TrafficView.
http://www.nirsoft.net/utils/network_traffic_view.html
0
 
KimputerCommented:
Since you don't have access to the Sonicwall, you have to insert something in front of it (a NIC with promiscuous mode isn't sufficient, as the traffic is still protected by the switches):

ISP (Modem) --- SonicWALL -- (old hub or managed switch with port mirroring) -- Switch -- Clients

So you do have to interupt the network traffic (if you time it well, takes about 1 second).

Connect one cable from the switch to the old hub or managed switch with port mirroring. Also connect your laptop to this hub/switch (if hub, doesn't matter which port, if managed switch, use the configured 2 ports with the mirror function enabled). Then another cable in any other port, back to the Sonicwall.

Now you can use any capture tool to view ALL outgoing traffic (internal traffic doesn't pass through here though). Wireshark would be nice, as you can sort on the highest user with Statistics > Endpoints > click on IPv4 or TCP tab > sort Bytes column. (Conversations will show multiple same IP's, which may confuse you and still not get the hightest user)
0
 
JasonDuncanworksAuthor Commented:
Kimputer,

Attached is a picture of what I think your are talking about. Please try to keep the laughter down I know its not to scale.
Layout.png
0
 
JasonDuncanworksAuthor Commented:
0
 
KimputerCommented:
Seems that's exactly what you need.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.