Tools to monitor domain network bandwidth

[vitalym]

I'm looking for a tool that will allow me to see who's generating network traffic.

eg. A user complains that their network is running very slow, opening or copying files to/from the server. I'd like to run a tool that will show me if a particular workstation on the network is generating a lot of traffic, maybe from a virus.

Currently I use cain & abel in combination with show traffic but it isn't the fastest and most easy to use setup.

Any good tools out there?

 

[RocketTech]

I know Meraki switches along with their cloud management can do this. I would think it would be a switch toolset.

 

[Snowknight26]

If you have a switch that allows port mirroring and your network is set up in such a way for it to work how I envision it should (hah, vagueness), enable port mirroring for the port that all the traffic goes through to an unused port. Then you'd simply need to run Wireshark on a machine, connect it to that unused port, capture packets when the problem occurs, then view Statistics -> Endpoints or Statistics -> IO Graph for fine tuning.

That should give you a basic understanding of which clients are connecting and how much data they are sending/receiving.

 

[vitalym]

I'm looking for tools that allow me to do it remotely.

I'd think the only way for a software to do it would be similarly to cain & abel, poison the route so that all workstations on the network think the computer I'm working off of is the gateway and traffic is redirected through it.

 

[Jay_2]

why not just monitor the switch ports via SNMP?

 

[vitalym]

why not just monitor the switch ports via SNMP?

Most of the switches aren't managed

 

[Metraon]

Most of the switches aren't managed

Then one of the only way is to install software on each computer, or to go with a managed switch. Prehaps on the router level ? What router do you have ?

 

[Jay_2]

How many workstations are there?

 

[mwarps]

Most of the switches aren't managed

Good luck.

 

[Ehren8879]

OP, would you be willing to put a transparent device between your WAN and internet source?

 

[Dark Shade]

Sounds like a job for Squid

 

[vitalym]

So my company has a lot of clients that we do IT for. Some have managed switches and some don't. I'm was just trying to see if I had any software options (rather than hardware) that can be used at any client to see what's going on.

If google and you guys don't have other solutions besides on a hardware level then it seems like there aren't any.

If anyone is curious as to how I do it now, I use the following
Cain & Abel
ShowTraffic
WinpCap

Install cain + winpcap
Run cain, it scans out the network to get the macs
Add all arps to the list and poison the route, spool everyones arp table to think the computer with cain is the gateway
Run ShowTraffic
Profit

 

[green91]

Sounds like a job for sflow/netflow, otherwise you have no idea what the traffic is.

 

[TriXje]

Install a hub between the location uplink and the router.
Then installl prtg network monitor on your laptop and connect it to the hub.

You can see all outgoing and incoming traffic and see top connections/protocols
Thats how we did it before switching out the switches for managed ones.

 

[vitalym]

Install a hub between the location uplink and the router.
Then installl prtg network monitor on your laptop and connect it to the hub.

You can see all outgoing and incoming traffic and see top connections/protocols
Thats how we did it before switching out the switches for managed ones.

That's a good idea, thanks!

How do you like prtg?

 

[hawk82]

Windows or linux workstations? Either way, you can install SNMP on them, then poll the workstations via SNMP using something like MRTG. You'd need a VPN or some other way to see these remote computers on the network where you want to install MRTG on, though.

 

[TriXje]

Delete pls

 

[TriXje]

Delete pls

 

[TriXje]

We use it to monitor all european connections and its great so far! Possible to check through android and webbrowser.