SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Other LAN and WAN

Thread Tools Search this Thread Display Modes
Old 02-07-2013, 02:45 AM
shejin shejin is offline
New Member
Join Date: Feb 2013
Location: Bangalore, India
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
shejin is just starting out
Question Need help to monitor internet usage in my LAN


I have a small Network at my office, all done by myself with my limited knowledge. I have 9 systems connected thru physical LAN and 1 laptop connected through Wireless (from my internet router)

I have distributed the internet connection openly, not using a proxy server. Anyone plugs in will get Internet on their system through the DHCP.

Recently I found that internet usage been crossing the limits. I am looking for a cheap solution to sniff/monitor internet/bandwidth usage system wise.

My LAN architecture goes like this...
I have a internet router (Linksys/Cisco WRT 120N) from which the cable goes to an un-managed 8 port switch.
I have three different areas in my office, so I pulled single cable to each of these areas and there I used another un-managed 8 port switch to distribute the LAN to the systems. All the three areas I did like this. Pls find the graphical pattern attached.

If I am right, bcs of my architecture pattern I dont think I can use a managed switch to capture Internet traffic, which captures the traffic port wise. I want to sniff the traffic by the IP or MAC address wise of the systems.

Suggestions/help will be much appreciated !!

Thanks in advance..
Shejin Thamby
Attached Images
File Type: png LAN Pattern.png (16.4 KB, 11 views)
Reply With Quote
Old 02-07-2013, 11:21 AM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
Join Date: May 2008
Posts: 9,288
Thanks: 167
Thanked 661 Times in 554 Posts
thiggins is just starting out

You will find that "sniffing" traffic will overwhelm you with data. What kind of information are you looking for and what controls do you want?

An easy first step is to switch to OpenDNS for DNS. You can do this at the router level. Then block port 53 at the router so that users cannot set their own DNS servers.
Tim Higgins
Managing Editor,
Reply With Quote
Old 02-08-2013, 04:28 PM
tipstir tipstir is offline
Very Senior Member
Join Date: Aug 2008
Location: South Florida
Posts: 1,628
Thanks: 0
Thanked 35 Times in 35 Posts
tipstir is just starting out
Send a message via AIM to tipstir Send a message via Yahoo to tipstir Send a message via Skype™ to tipstir

You could beef up the router and get one to control and monitor packets (data coming in and out) You can see who's accessing social networks an etc. Block IP or Web Sites you don't want these 9 systems to access. Another way is to block the sites through Group Policy or use one PC as

Kerio Control Web Filter

Kerio Control Web Filter service prevents users from visiting websites that are known to contain malicious content, including viruses, spyware, Trojans, or web pages that engage in phishing attacks or online identity theft.

Kerio Control Web Filter, integrated as a security service in Kerio Control, organizes sites into 141 different categories of web content. Administrators block or log access to sites based on specific content categories.

Kerio Control Statistics
Network statistics
and user-based reporting
Reply With Quote
Old 02-08-2013, 04:44 PM
stevech stevech is offline
Very Senior Member
Join Date: Mar 2010
Location: San Diego
Posts: 5,005
Thanks: 1
Thanked 359 Times in 346 Posts
stevech is just starting out

use websense?
Reply With Quote
Old 04-09-2013, 11:39 AM
George5164 George5164 is offline
New Member
Join Date: Apr 2013
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
George5164 is just starting out
Default It Is a big job

HI: I am using a Cisco SG 200-08 smart switch to monitor LAN traffic to the internet. It does work perfectly and it does produce a lot of data. Wireshark is the software (free) of choice, I am still looking for a way to convert the Wireshark file output from binary format to text so that I can determine the traffic action for each IP on my LAN. WE use a satellite ISP and need to control traffic levels to avoid additional charges.

Our WAN LAN connections are as follows: The satellite dish is connected to a Surfbeam modem connected to the WAN port of a Netgear 3700 router. LAN port 1 of the router is connected to LAN port one of the smart switch and LAN port 1 of the smart switch is MIRRORED to LAN port 8 of the smart switch. LAN port 8 of the smart switch is connected to the second NIC card in my PC. Wireshark monitors that second NIC in my PC. All of the other devices on our LAN are connected to the smart switch directly or through other unmanaged switches. There are 17 devices connected to our LAN. All NICs switches and routers are giga bit devices. LAN port one of the smart switch is set to 10/100 speed to limite the transfer rate attempted on the satellite up-link.

Wireshark has excellent filtering abilities on capturing and a very good file system for recording captures. One needs to be able to process those files automatically every day so as to not consume the HD space on the monitoring system and to get useful data from the exercise. I plan to use Liberty Basic to process the capture files and then delete them daily once I learn how to convert the Wireshark *.pcap to *.txt files.

I look forward to hearing about how you succeed with this task and about any other suggestions members may have. George5164
Reply With Quote

bandwidth usage, internet, lan, monitor, sniff

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

All times are GMT -4. The time now is 12:44 AM.

Top 10 Stats
Top Posters* Top Thanked
RMerlin  357
L&LD  118
john9527  117
stevech  97
htismaqe  91
azazel1024  90
jegesq  84
huotg01  83
watusi  64
ColinTaylor  56
RMerlin  6414
john9527  508
stevech  358
ryzhov_al  298
TeHashX  263
L&LD  255
RogerSC  205
sinshiva  149
sfx2000  138
hggomes  131
Most Viewed Threads* Hottest Threads*
Old New AC68...  9855
Old Why not...  8812
Old ASUS RT-N66U...  6294
Old RT-AC66U...  3688
Old Why ASUS?  2508
Old NAS...  1934
Old Help Plz:...  1679
Old OpenVPN...  1619
Old Asus...  1555
Old Remote...  1526
Old Why not...  81
Old Remote...  46
Old New AC68...  36
Old Whats going...  31
Old Extension...  26
Old The future...  26
Old ASUS RT-N66U...  26
Old RT-N66U...  26
Old OpenVPN...  25
Old What are the...  25

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.