SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Other LAN and WAN

Thread Tools Search this Thread Display Modes
Old 02-07-2013, 02:45 AM
shejin shejin is offline
New Member
Join Date: Feb 2013
Location: Bangalore, India
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
shejin is just starting out
Question Need help to monitor internet usage in my LAN


I have a small Network at my office, all done by myself with my limited knowledge. I have 9 systems connected thru physical LAN and 1 laptop connected through Wireless (from my internet router)

I have distributed the internet connection openly, not using a proxy server. Anyone plugs in will get Internet on their system through the DHCP.

Recently I found that internet usage been crossing the limits. I am looking for a cheap solution to sniff/monitor internet/bandwidth usage system wise.

My LAN architecture goes like this...
I have a internet router (Linksys/Cisco WRT 120N) from which the cable goes to an un-managed 8 port switch.
I have three different areas in my office, so I pulled single cable to each of these areas and there I used another un-managed 8 port switch to distribute the LAN to the systems. All the three areas I did like this. Pls find the graphical pattern attached.

If I am right, bcs of my architecture pattern I dont think I can use a managed switch to capture Internet traffic, which captures the traffic port wise. I want to sniff the traffic by the IP or MAC address wise of the systems.

Suggestions/help will be much appreciated !!

Thanks in advance..
Shejin Thamby
Attached Images
File Type: png LAN Pattern.png (16.4 KB, 11 views)
Reply With Quote
Old 02-07-2013, 11:21 AM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
Join Date: May 2008
Posts: 9,357
Thanks: 173
Thanked 683 Times in 569 Posts
thiggins is just starting out

You will find that "sniffing" traffic will overwhelm you with data. What kind of information are you looking for and what controls do you want?

An easy first step is to switch to OpenDNS for DNS. You can do this at the router level. Then block port 53 at the router so that users cannot set their own DNS servers.
Tim Higgins
Managing Editor,
Reply With Quote
Old 02-08-2013, 04:28 PM
tipstir tipstir is offline
Very Senior Member
Join Date: Aug 2008
Location: South Florida
Posts: 1,632
Thanks: 0
Thanked 35 Times in 35 Posts
tipstir is just starting out
Send a message via AIM to tipstir Send a message via Yahoo to tipstir Send a message via Skype™ to tipstir

You could beef up the router and get one to control and monitor packets (data coming in and out) You can see who's accessing social networks an etc. Block IP or Web Sites you don't want these 9 systems to access. Another way is to block the sites through Group Policy or use one PC as

Kerio Control Web Filter

Kerio Control Web Filter service prevents users from visiting websites that are known to contain malicious content, including viruses, spyware, Trojans, or web pages that engage in phishing attacks or online identity theft.

Kerio Control Web Filter, integrated as a security service in Kerio Control, organizes sites into 141 different categories of web content. Administrators block or log access to sites based on specific content categories.

Kerio Control Statistics
Network statistics
and user-based reporting
Reply With Quote
Old 02-08-2013, 04:44 PM
stevech stevech is offline
Very Senior Member
Join Date: Mar 2010
Location: San Diego
Posts: 5,181
Thanks: 1
Thanked 376 Times in 363 Posts
stevech is just starting out

use websense?
Reply With Quote
Old 04-09-2013, 11:39 AM
George5164 George5164 is offline
New Member
Join Date: Apr 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
George5164 is just starting out
Default It Is a big job

HI: I am using a Cisco SG 200-08 smart switch to monitor LAN traffic to the internet. It does work perfectly and it does produce a lot of data. Wireshark is the software (free) of choice, I am still looking for a way to convert the Wireshark file output from binary format to text so that I can determine the traffic action for each IP on my LAN. WE use a satellite ISP and need to control traffic levels to avoid additional charges.

Our WAN LAN connections are as follows: The satellite dish is connected to a Surfbeam modem connected to the WAN port of a Netgear 3700 router. LAN port 1 of the router is connected to LAN port one of the smart switch and LAN port 1 of the smart switch is MIRRORED to LAN port 8 of the smart switch. LAN port 8 of the smart switch is connected to the second NIC card in my PC. Wireshark monitors that second NIC in my PC. All of the other devices on our LAN are connected to the smart switch directly or through other unmanaged switches. There are 17 devices connected to our LAN. All NICs switches and routers are giga bit devices. LAN port one of the smart switch is set to 10/100 speed to limite the transfer rate attempted on the satellite up-link.

Wireshark has excellent filtering abilities on capturing and a very good file system for recording captures. One needs to be able to process those files automatically every day so as to not consume the HD space on the monitoring system and to get useful data from the exercise. I plan to use Liberty Basic to process the capture files and then delete them daily once I learn how to convert the Wireshark *.pcap to *.txt files.

I look forward to hearing about how you succeed with this task and about any other suggestions members may have. George5164
Reply With Quote

bandwidth usage, internet, lan, monitor, sniff

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

All times are GMT -4. The time now is 05:12 PM.

Top 10 Stats
Top Posters* Top Thanked
RMerlin  538
john9527  187
System Error...  171
huotg01  160
stevech  150
L&LD  146
jegesq  143
hggomes  88
azazel1024  83
RussellInCinc...  71
RMerlin  6987
john9527  668
stevech  375
ryzhov_al  311
L&LD  275
TeHashX  271
RogerSC  211
hggomes  176
sinshiva  156
sfx2000  145
Most Viewed Threads* Hottest Threads*
Old [CLOSED]...  45401
Old SECURITY:...  18710
Old ASUS...  11019
Old ASUS...  8241
Old Asus...  5391
Old Asuswrt-Merli...  5338
Old choose a new...  3546
Old dd-wrt for...  2480
Old Bulding...  2346
Old Horrible...  2166
Old [CLOSED]...  338
Old Asus...  106
Old SECURITY:...  74
Old choose a new...  73
Old Asuswrt-Merli...  70
Old ASUS...  59
Old dd-wrt for...  47
Old What is dual...  44
Old ASUS...  43
Old Can you help...  40

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
© 2006-2015 Pudai LLC All Rights Reserved.