Internet Related/Filtering/Firewall Thread, Bandwidth usage - how can I find device causing it in Technical; Hello
The school I support seem to be suffering from excessive bandwidth usage, leading to slow internet download speeds. Is ...
7th December 2012, 11:47 AM #1
Bandwidth usage - how can I find device causing it
The school I support seem to be suffering from excessive bandwidth usage, leading to slow internet download speeds. Is there anyway I can trace the device causing it? I remember some software called "The Dude" a few years ago but don't know if it can be used for this. Stopping short of turning everything off and on one by one....
7th December 2012, 11:49 AM #2
If you can mirror the port leading to your router then you can run wire shark on a machine from that and see what is being excessive. That is how we have done it before. Other option is if your proxy has an per user/device information. Smoothwall has a lovely set of graphs showing the top users by IP that we have used to track down constant streamers.
7th December 2012, 11:57 AM #3
As you can see from the cacti graph the school is hitting its 2MB limit and going over it quite alarmingly. I will try wireshark on the station I am on, will be good to find out what is causing this as I am struggling to update 2 iPads to IOS6 (760MB download from Apple).
7th December 2012, 11:59 AM #4
For general traffic If you have managed switches you can query them via SNMP and ask for their traffic counters. As long as you know what uses which switch port (and you should!) then it'd be fairly obvious (I have a Linux server running Cacti doing this here). Short of that, as above you need to mirror the port and monitor the traffic flows that way. If you main switch doesn't support mirroring then another option is have a machine setup as a layer 3 bridge and run some monitoring software on that (I've done this in the past with ntop on Linux).
If it's simply web traffic that's the issue (usually the only internet traffic a school network produces in any quantity due to how locked down LEA networks are) then you should be able to work out the usage from your web proxy logging.
7th December 2012, 06:29 PM #5
Can your ISP not just tell you this? On the Fortinet devices we use its a piece of cake as you can see bandwidth by per IP address on your LAN and this easily shows which machine is the culprit and also what type of traffic they are using.
Otherwise SNMP monitor your switch ports as @Geoff recommends
7th December 2012, 06:37 PM #6
How many devices do you have on your lan? 2mb could quite easily be hit IMHO but depends on the amount of users
By reggiep in forum Windows
Last Post: 15th March 2012, 03:05 PM
By albertwt in forum Enterprise Software
Last Post: 23rd February 2011, 11:21 PM
By ejane in forum London Grid for Learning (LGfL)
Last Post: 22nd October 2010, 04:37 PM
By saundersmatt in forum General Chat
Last Post: 30th June 2006, 02:25 PM
By ajbritton in forum Comments and Suggestions
Last Post: 19th January 2006, 11:24 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)