How can I find out who is the office bandwidth hog on our RV042

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by martin_nv, Jul 11, 2007.

  1. martin_nv

    martin_nv Network Guru Member

    Can someone steer me in the right direction on what I need to figure out who is using up all of our bandwidth in the office? We have an RV042 connected to a DSL line and an SR224 switch, with about 12 users behind it. Once in a while the bandwidth goes crazy and I want to be able to figure out which computer in the office is responsible.
  2. ifican

    ifican Network Guru Member

    First off once in a while in my opinion is no big deal. However if it is happening enough that it bothers you the easiest way is to first figure out which port its comming from. Do that by selectively closing ports one at a time under the saturation stops. But take your time as it will take just a moment for it to show. Once you discover what port it is (hopefully you only have 1 host per port), youll know what user it is. If you have more then one user off that port look at the arp cache for that port then compare it to the dhcp table. I dont know if the RV will log traffic, but if so you can then log traffic for that ip or ip's and see where they are going. I used to go as far as checking the websites that were being accessed and then when network saturation happend shutting off access one site at a time until the bandwidth dropped. At that point youll know without a doubt who it is and what site is being accessed.

    Though there are many ways to do it depending on the software of the switch and or the available equipment at your disposal. Thats just the way that has worked for me with the equipment i have had.
  3. martin_nv

    martin_nv Network Guru Member

    Thanks for the reply, ifican. By closing ports you mean simply unplugging each of the network cables from the switch, right? I'm doing that now, but I was hoping there was a quicker way to do this. Ideally what I would like to see is a screen that shows each IP address in our network and what the volume of traffic for each IP for the last hour, lets say.
  4. HennieM

    HennieM Network Guru Member

    Try ethereal or another sniffer. Some difficulties with sniffers though -
    Does not work well when computers are connected via a switch (as opposed to a hub), as switches don't tell everybody what they hear.
    You may see a lot of traffic and have to play around with protocols and ports to find meaningful info. Protocols being the language spoken between computers. Ports being the software sockets where the one computer talks from port x, and the computer that it's talking to at the other end listens on port y.

    However, if you guys are running Windoze, my wild uneducated guess is that it is not one computer/user hogging your bandwidth, but many/all computers trying to get the never-ending updates all at just about the same time.
  5. ifican

    ifican Network Guru Member

    Semi good point as windows just released a bunch of updates in the last few days. About the ports, i thought that particular linksys switch was managable and thus you should be able to log into it and shut a port off remotely while monitoring your traffic usage. As to graphing it all it can be done but now you are going to have to have a server handy and run a bandwidth monitor program (mrtg comes to mind). I guess a cheaper route would be to get a router that will run tomato or dd-wrt, i know tomato has a good bandwidth graph not sure about dd-wrt and not sure how detailed it is (by host). The router would be a much cheaper route as you can get a older model buffalo or linksys capable of doing such for a around $40 US.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice