Network Analyzer help required!

kaxim Member Posts: 17
Hello everyone,

I work at a power plant and live in its hostel. We have an 8Mbps connection from our national telephone provider. They have provided a simple router that the phone line goes into. The output of that router goes to the Wi-Fi device (I am not sure if it's a router or a modem or what) which spreads signals in the air.

That said, the problem is that sometimes the speed is very good. YouTube videos play without buffering, but sometimes it gets super slow. I can't even browse. I was wondering if I could use any software and see who is using most of the bandwidth? People may be using torrents and utilizing all the speed for themselves and not leaving anything for others.

Please suggest a solution. How can I check that? And what is it called? Packet sniffing or network top talkers or what?

Comments

  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Are you taking any netflow data?
  • docrice Member Posts: 1,706
    You might want to consider using NetFlow. You can use the free / limited version of SolarWinds NetFlow Analyzer to check to see if a particular set of endpoints is hogging up all the bandwidth. Here's a short article I wrote for this:

    http://kimiushida.com/bitsandpieces/articles/solarwinds_netflow_analyzer_quickstart/

    This is assuming your routing device supports this feature. If it's a consumer grade one, probably not. You can also temporarily put a hub in-line between the internal interface of the router and the rest of the inside network and perform a real-time trace to see who is sending what kind of traffic. Be sure that you have an existing acceptable-use policy in place that allows you to monitor other people's traffic though.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Depending on your ISP, they might have some of this information for you, at least on the WAN side.
  • Ahriakin Member Posts: 1,799
    If you can span ports then try a PC running NTOP (you can get a NetFlow export plugin to convert your results to that format and use the tools as mentioned above).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • kaxim Member Posts: 17
    OK, I will read the article, but you guys are talking about very high level techie stuff. I ain't that techie. Isn't there any easy way for simple home computer users? Like I used netscan. It's really easy. Only one click and you find out how many PCs are connected to the network, their IPs and names, etc.


    Plus what is this called? Is this sniffing? or analyzing?
  • docrice Member Posts: 1,706
    Scanning a network and differentiating usage between hosts in a network environment are separate things. Unless the router can provide reporting and break down traffic into streams that will help you narrow the focus, you'll need to find some way to obtain / analyze traffic. If you're not comfortable with TCP/IP or using a sniffer like tcpdump or Wireshark, you'll have to find some other means like pulling interface statistics from your hosts (assuming you have a centralized way of managing systems).

    A big factor regarding the difficulty of this will be the number of hosts in your environment. If it's just a few, you can probably walk around and look at what users are doing. If you have thousands, then you'll need to leverage another avenue to collect data.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
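The "top talkers" question from this thread, worked as an added example that is not part of any poster's reply: it totals bytes per LAN host from capture lines written in the style of `tcpdump -nn -q` output. The LAN range, the sample lines and the function name `top_talkers` are constructed for illustration, and only packet sizes are counted, not contents.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed LAN range; change it to match the network being measured.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Quiet-mode IPv4 lines look like (assumed format):
#   IP 192.168.1.23.51514 > 203.0.113.9.443: tcp 1448
#   IP 192.168.1.40.40000 > 198.51.100.7.53: UDP, length 45
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

def top_talkers(lines, lan=LAN, limit=5):
    """Return [(host, bytes_down, bytes_up)] for LAN hosts, busiest first."""
    down = defaultdict(int)
    up = defaultdict(int)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6, ICMP and damaged lines are skipped
        src, dst = m.group(1), m.group(2)
        size = int(m.group(3) or m.group(4))
        if ipaddress.ip_address(src) in lan:
            up[src] += size      # LAN host sent this payload
        if ipaddress.ip_address(dst) in lan:
            down[dst] += size    # LAN host received this payload
    hosts = set(up) | set(down)
    ranked = sorted(hosts, key=lambda h: (-(up[h] + down[h]), h))
    return [(h, down[h], up[h]) for h in ranked[:limit]]

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
12:00:01.000101 IP 203.0.113.9.443 > 192.168.1.23.51514: tcp 1448
12:00:01.000350 IP 203.0.113.9.443 > 192.168.1.23.51514: tcp 1448
12:00:01.000410 IP 192.168.1.23.51514 > 203.0.113.9.443: tcp 0
12:00:01.002000 IP 192.168.1.40.40000 > 198.51.100.7.53: UDP, length 45
12:00:01.003000 IP 198.51.100.7.53 > 192.168.1.40.40000: UDP, length 120
12:00:01.004000 ARP, Request who-has 192.168.1.1 tell 192.168.1.40, length 28
12:00:01.005000 IP 192.168.1.77.51000 > 203.0.113.50.51000: tcp 900
""".splitlines()

if __name__ == "__main__":
    for host, rx, tx in top_talkers(SAMPLE):
        print(f"{host:15} down={rx:6} up={tx:6}")
```
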
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    NTOP isn't that hard to set up. You could (for bonus points) set up something like Alienvault. It has NTOP and a ton of other useful stuff built in so you can not only get your top talkers but a ton of security stuff as well.


    AlienVault
  • Ahriakin Member Posts: 1,799
    I set up OSSIM (the open source version) at my last company. Great for a freebie but a VERY steep learning curve with minimal documentation for the SIEM components - I ended up writing some of their docs for integrating tools like OSSEC and OSIRIS into it, and I HATE writing documentation ;)... I wonder if they're still there... 6 months of learning the individual components, jury rigging any free old servers I could find, and implementing it across our main data centers led to the company that bought us just letting it all gather dust since no one else knew how to work it.
    Anyway I imagine the commercial version is more turnkey'ish but still way beyond what the OP wants to get into.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Oh I agree, this would be for bonus points for sure :) I don't know what the docs were but I think the docs are OK at best. I mean he obviously would start off with NTOP and then branch into OSSEC and the others.