How to find the bandwidth hogs?

Hello Experts - I am looking for a way to track down who is using too much bandwidth and bringing internet speeds down for everyone.  I have a flat network with a Dell NSA 240 firewall.  Unfortunately my predecessor did not opt to purchase any of the integrated tools on the firewall so I don't have much insight into how bandwidth is being used on that device.  I'd prefer a free solution if there is a good one, please let me know if you have any suggestions.
danbrown_IT ManagerAsked:
Who is Participating?
 
Ken BooneNetwork ConsultantCommented:
Well if you want free, you can setup NTOP.  Basically get a box and install NTOP on it.  Then mirror the inside firewall port and watch NTOP when your bandwidth is crawling.  You will see who is using what and will know what the traffic is.

http://www.ntop.org
0
 
Fred MarshallPrincipalCommented:
Or, you can use PRTG free version and use SNMP to monitor switch and router ports for traffic levels.
0
 
danbrown_IT ManagerAuthor Commented:
Good suggestions, thanks guys
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
Ken BooneNetwork ConsultantCommented:
Yea PRTG and SNMP will show you traffic levels, but it will show you how much traffic, but not who is using what traffic.  PRTG or CACTI or something like that is great for historical and real time bandwidth utilization, but you need netflow or a "netflow-like" tool in order to see who is doing what specifically.  NTOP is a netflow-like tool.  I think PRTG has a netflow plugin but I don't think it is in the free version, plus you would need a netflow capable device.
Hope that helps.
0
 
Fred MarshallPrincipalCommented:
Yes, it rather depends on the system topology.  If all the computers come into a centralized switch with no switch cascading at all then the switch ports and the computers are 1:1.  So, this will be the case in some buildings and not in others and there is likely to be some bit of switch cascading where wall ports are inadequate, etc.
0
 
danbrown_IT ManagerAuthor Commented:
I wish I could use Netflow but that isn't something this firewall supports.  It has its own built in tools but the prior admin who purchased it didn't license any features.  We actually have a series of switches so I'm using PRTG to get SNMP info out of the firewall for now.  Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.