Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

View network traffice

Posted on 2014-04-09
12
270 Views
Last Modified: 2014-04-14
I have several SMB networks with basic layout of

ISP (Modem) --- SonicWALL -- Switch -- Clients

Some of the sites I do not have access to the SonicWALL's, is there a hardware device that I can plug into the switch to see which computer is using the most bandwidth? I have seen a few network taps, but I do not know enough about them to find what I am look for.

I would like to be able to plug a device into the switch and have it port to my computer or create a graphic pie chart that tells me the host names, IP's of the computers that are running traffic across the line.

Or if there is a some software I can install on my laptop and then I plug into the switch that would work as well.

Thanks!
0
Comment
Question by:JasonDuncanworks
  • 5
  • 4
  • 3
12 Comments
 
LVL 8

Expert Comment

by:Lee Ingalls
ID: 39988986
Your Sonicwall should show bandwidth usage by client... see attached.
Depending on the model you can see in the Log section under reports - bandwidth usages by IP address.
sonicwall.pdf
0
 
LVL 5

Author Comment

by:JasonDuncanworks
ID: 39988996
Thank you for that, but there are several sites that I cannot access the SW and that is why I need a separate device. Something I can almost monitor in real time.
0
 
LVL 8

Expert Comment

by:Lee Ingalls
ID: 39989026
Do you have a VPN or RDP/TS connection to the remote sites?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 5

Author Comment

by:JasonDuncanworks
ID: 39989058
No vpn but I can get access to a machine on the LAN.
0
 
LVL 8

Expert Comment

by:Lee Ingalls
ID: 39989190
but I can get access to a machine on the LAN.
Sorry, I'm not trying to be difficult... Does this network belong to you/yours to admin?
ISP (Modem) --- SonicWALL -- Switch -- Clients
If you have access to a computer on the LAN... wouldn't you then have access to that sites Sonicwall?
0
 
LVL 5

Author Comment

by:JasonDuncanworks
ID: 39989219
For these few site, the software vendor has control over the SW. Its a tractor place and they have to vpn in to the vendor site. I ask for access to it, but they tell the customers if I log in to it, they take no responsibility and will not support them if an issue arises now or in the future.

Even if I had access to the SW, there are several other site I have that use home based routers for there business. I am just looking for an easier way to track down potential bandwidth hogs.
0
 
LVL 8

Assisted Solution

by:Lee Ingalls
Lee Ingalls earned 150 total points
ID: 39989290
I use Wireshark in addition to the SonicWall tools.
http://www.wireshark.org/download.html

Select an interface and start a capture...
Select Statistics - Conversations - IPv4 or IPv6...
Sort by Bytes

You need a NIC that supports promiscuous mode. Full network traffic capture can be tricky with Wireshark.

Another free option is Nirsoft TrafficView.
http://www.nirsoft.net/utils/network_traffic_view.html
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 39990193
Since you don't have access to the Sonicwall, you have to insert something in front of it (a NIC with promiscuous mode isn't sufficient, as the traffic is still protected by the switches):

ISP (Modem) --- SonicWALL -- (old hub or managed switch with port mirroring) -- Switch -- Clients

So you do have to interupt the network traffic (if you time it well, takes about 1 second).

Connect one cable from the switch to the old hub or managed switch with port mirroring. Also connect your laptop to this hub/switch (if hub, doesn't matter which port, if managed switch, use the configured 2 ports with the mirror function enabled). Then another cable in any other port, back to the Sonicwall.

Now you can use any capture tool to view ALL outgoing traffic (internal traffic doesn't pass through here though). Wireshark would be nice, as you can sort on the highest user with Statistics > Endpoints > click on IPv4 or TCP tab > sort Bytes column. (Conversations will show multiple same IP's, which may confuse you and still not get the hightest user)
0
 
LVL 5

Author Comment

by:JasonDuncanworks
ID: 39993066
Kimputer,

Attached is a picture of what I think your are talking about. Please try to keep the laughter down I know its not to scale.
Layout.png
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 350 total points
ID: 39993074
Yes, if your switch clearly states it supports port mirroring, enable it for the port with your customer switch, and the port for your laptop (in your picture, the second and third port, counting from left right down)
Actually, if you can also enable it for the first and third port (firewall/laptop), will have the same result.
0
 
LVL 5

Author Comment

by:JasonDuncanworks
ID: 40000117
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40000211
Seems that's exactly what you need.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
gns3 - switchport trunk allow vlan error 4 69
VirtualBOX on GNS3 11 132
Ping Through ASA Firewall 6 46
switch design question 6 42
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question