nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Network Analyzer help required!

kaxim

Hello everyone,

I work at a power plant and live in its hostel. We have an 8Mbps connection from our national telephone provider. They have a provided a simple router in which the phone line goes in. The out of that router goes to the wifi device (i am not sure if its a router or a modem or what) which spreads signals in the air.

That said, the problem is that sometimes the speed is very good. Youtube videos play without buffering but sometimes it gets super slow. I cant even browse. I was wondering if i could use any software and see who is using most of the bandwidth? People may be using torrents and utilizing all the speed for themselves and not leaving anything for others.

Pl suggest a solution? how can i check that? and what is it called? packet sniffing or network top talkers or what?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Bl8ckr0uter

Are you taking any netflow data?

docrice

You might want to consider using NetFlow. You can use the free / limited version of SolarWinds NetFlow Analyzer to check to see if a particular set of endpoints is hogging up all the bandwidth. Here's a short article I wrote for this:

http://kimiushida.com/bitsandpieces/articles/solarwinds_netflow_analyzer_quickstart/

This is assuming your routing device supports this feature. If it's a consumer grade one, probably not. You can also temporarily put a hub in-line between the internal interface of the router and the rest of the inside network and perform a real-time trace to see who is sending what kind of traffic. Be sure that you have an existing acceptable-use policy in place that allows you to monitor other people's traffic though.

Bl8ckr0uter

Depending on your ISP, they might have some of this information for you at least on the wan side.

Ahriakin

If you can span ports then try a PC running NTOP, (you can get a Netflow export plugin to convert your results to that format and use the tools as mentioned above)

kaxim

OK I will read the article but you guys are talking about very high level techie stuff. I ain't that techie. Isn't there any easy way for simple home computer users? Like i used netscan. Its really easy. only one click and you find out how many PCs are connected to the network their IPs and names etc

Plus what is this called? Is this sniffing? or analyzing?

docrice

Scanning a network and differentiating usage between hosts in a network environment are separate things. Unless the router can provide reporting and break down traffic into streams that will help you narrow the focus, you'll need to find some way to obtain / analyze traffic. If you're not comfortable with TCP/IP or using a sniffer like tcpdump or Wireshark, you'll have to find some other means like pulling interface statistics from your hosts (assuming you have a centralized way of managing systems).

A big factor regarding the difficulty of this will be the number of hosts in your environment. If it's just a few, you can probably walk around and look at what users are doing. If you have thousands, then you'll need to leverage another avenue to collect data.

Bl8ckr0uter

NTOP isn't that hard to set up. You could (for bonus points) set up something like Alienvault. It has NTOP and a ton of other useful stuff built in so you can not only get your top talkers but a ton of security stuff as well.

AlienVault

Ahriakin

Bl8ckr0uter wrote: »

NTOP isn't that hard to set up. You could (for bonus points) set up something like Alienvault. It has NTOP and a ton of other useful stuff built in so you can not only get your top talkers but a ton of security stuff as well.

AlienVault

I set up OSSIM (The open source version) at my last company. Great for a freebie but a VERY steep learning curve with minimal documentation for the SIEM components -I ended up writing some of their docs for integrating tools like OSSEC and OSIRIS into it, and I HATE writing documentation

...I wonder if they're still there...6 month of learning the individual components, jury rigging any free old servers I could find, and implementing it across our main data centers led to the company that bought us just letting it all gather dust since no one else knew how to work it.
Anyway I imagine the commercial version is more turnkey'ish but still way beyond what the OP wants to get into.

Bl8ckr0uter

Oh I agree, this would be for bonus points for sure

I don't know what the docs were by I think the docs are ok at best. I mean he obviously would start off with NTOP and then branch into OSSEC and the others.