SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Other LAN and WAN

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 02-07-2013, 01:45 AM
shejin shejin is offline
New Member
 
Join Date: Feb 2013
Location: Bangalore, India
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
shejin is just starting out
Question Need help to monitor internet usage in my LAN

Hi,

I have a small Network at my office, all done by myself with my limited knowledge. I have 9 systems connected thru physical LAN and 1 laptop connected through Wireless (from my internet router)

I have distributed the internet connection openly, not using a proxy server. Anyone plugs in will get Internet on their system through the DHCP.

Recently I found that internet usage been crossing the limits. I am looking for a cheap solution to sniff/monitor internet/bandwidth usage system wise.

My LAN architecture goes like this...
I have a internet router (Linksys/Cisco WRT 120N) from which the cable goes to an un-managed 8 port switch.
I have three different areas in my office, so I pulled single cable to each of these areas and there I used another un-managed 8 port switch to distribute the LAN to the systems. All the three areas I did like this. Pls find the graphical pattern attached.

If I am right, bcs of my architecture pattern I dont think I can use a managed switch to capture Internet traffic, which captures the traffic port wise. I want to sniff the traffic by the IP or MAC address wise of the systems.

Suggestions/help will be much appreciated !!

Thanks in advance..
Shejin Thamby
Attached Images
File Type: png LAN Pattern.png (16.4 KB, 11 views)
Reply With Quote
  #2  
Old 02-07-2013, 10:21 AM
thiggins's Avatar
thiggins thiggins is online now
Mr. Easy
 
Join Date: May 2008
Posts: 8,842
Thanks: 138
Thanked 547 Times in 467 Posts
thiggins is just starting out
Default

You will find that "sniffing" traffic will overwhelm you with data. What kind of information are you looking for and what controls do you want?

An easy first step is to switch to OpenDNS for DNS. You can do this at the router level. Then block port 53 at the router so that users cannot set their own DNS servers.
https://www.opendns.com/business-sol...-dns/benefits/
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #3  
Old 02-08-2013, 03:28 PM
tipstir tipstir is offline
Very Senior Member
 
Join Date: Aug 2008
Location: South Florida
Posts: 1,625
Thanks: 0
Thanked 35 Times in 35 Posts
tipstir is just starting out
Send a message via AIM to tipstir Send a message via Yahoo to tipstir Send a message via Skype™ to tipstir
Default

You could beef up the router and get one to control and monitor packets (data coming in and out) You can see who's accessing social networks an etc. Block IP or Web Sites you don't want these 9 systems to access. Another way is to block the sites through Group Policy or use one PC as


Kerio Control Web Filter


Kerio Control Web Filter service prevents users from visiting websites that are known to contain malicious content, including viruses, spyware, Trojans, or web pages that engage in phishing attacks or online identity theft.

Kerio Control Web Filter, integrated as a security service in Kerio Control, organizes sites into 141 different categories of web content. Administrators block or log access to sites based on specific content categories.

http://www.kerio.com/control/user-management/web-filter

Kerio Control Statistics
Network statistics
and user-based reporting

http://www.kerio.com/control/user-ma...tics-reporting
Reply With Quote
  #4  
Old 02-08-2013, 03:44 PM
stevech stevech is offline
Very Senior Member
 
Join Date: Mar 2010
Location: San Diego
Posts: 4,456
Thanks: 1
Thanked 316 Times in 304 Posts
stevech is just starting out
Default

use websense?
Reply With Quote
  #5  
Old 04-09-2013, 11:39 AM
George5164 George5164 is offline
New Member
 
Join Date: Apr 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
George5164 is just starting out
Default It Is a big job

HI: I am using a Cisco SG 200-08 smart switch to monitor LAN traffic to the internet. It does work perfectly and it does produce a lot of data. Wireshark is the software (free) of choice, I am still looking for a way to convert the Wireshark file output from binary format to text so that I can determine the traffic action for each IP on my LAN. WE use a satellite ISP and need to control traffic levels to avoid additional charges.

Our WAN LAN connections are as follows: The satellite dish is connected to a Surfbeam modem connected to the WAN port of a Netgear 3700 router. LAN port 1 of the router is connected to LAN port one of the smart switch and LAN port 1 of the smart switch is MIRRORED to LAN port 8 of the smart switch. LAN port 8 of the smart switch is connected to the second NIC card in my PC. Wireshark monitors that second NIC in my PC. All of the other devices on our LAN are connected to the smart switch directly or through other unmanaged switches. There are 17 devices connected to our LAN. All NICs switches and routers are giga bit devices. LAN port one of the smart switch is set to 10/100 speed to limite the transfer rate attempted on the satellite up-link.

Wireshark has excellent filtering abilities on capturing and a very good file system for recording captures. One needs to be able to process those files automatically every day so as to not consume the HD space on the monitoring system and to get useful data from the exercise. I plan to use Liberty Basic to process the capture files and then delete them daily once I learn how to convert the Wireshark *.pcap to *.txt files.

I look forward to hearing about how you succeed with this task and about any other suggestions members may have. George5164
Reply With Quote
Reply

Tags
bandwidth usage, internet, lan, monitor, sniff

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -4. The time now is 03:18 PM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  342
sm00thpapa  231
stevech  185
azazel1024  154
KGB7  138
jim769  83
htismaqe  81
philmiami  78
AcostaJA  69
ColinTaylor  59
RMerlin  5087
stevech  315
ryzhov_al  252
TeHashX  209
RogerSC  187
L&LD  186
joegreat  123
jlake  122
sfx2000  111
sinshiva  111
Most Viewed Threads* Hottest Threads*
Old ASUS RT-N66U...  23962
Old NETGEAR...  13039
Old Switched...  7644
Old 3.0.0.4.376.1...  6761
Old NEW RT-AC68R...  6680
Old ASUS...  6061
Old ASUS RTAC68U...  3531
Old Netgear...  3330
Old ASUS...  3207
Old N66U daily...  2861
Old ASUS RT-N66U...  169
Old NETGEAR...  161
Old Switched...  65
Old NEW RT-AC68R...  56
Old ASUS...  51
Old N66U daily...  47
Old Which router...  41
Old ASUS RTAC68U...  41
Old Netgear...  41
Old TP-Link...  38


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.