Re: off subject - ip & bandwidth management
Gregory Wood wrote:
Problem 1: I have a couple of sites, one with 30 users, another with 500
users. The switches are unmanaged. Occasionally, someone won't be able to
log in or they will loose a network printer. I suspect one or more PCs are
soaking up the bandwidth.
Problem 2: I work with a local ISP. He has his system subnetted BUT there
are still folks who find a 'free' IP and use it. When the owner of the IP
fires up his system, he can't connect. Also, as above, he has seen the
'steady state' bandwidth increase but can't identify the users. He has CISCO
switches and I would have though they would have the tools to identify the
user consumption. Apparently not.
Is there a tool for monitoring who is using the bandwidth and with what MAC?
I've used Ethereal but it generates way too much detail. I would like to
load up a notebook and a hub and stick it between the server and the rest of
the network or between the Internet firewall and the network.
If the Ciscos are managed switches, try using MRTG to graph port usage.
You should also be able to log on and show port info, check the docs for
the switches CLI. Haven't used Cisco switches here, but something along
the lines of "show int" should get what you need.
For individual bandwidth usage on a local subnet, iptraf provides a neat
glance at "real-time" usage. If you're on a switched network, you'll
need some way to see all the traffic on the network. For 3com switches,
it's called something like the "roving analysis port" (better than using
a hub near the firewall, just analyze the firewall's port). Iptraf will
give a nice display of traffic in and traffic out, listed by MAC. Then
it's just a matter of tracing down the MAC's location, and going to said
location with a big stick in hand :-)
You might also want to nmap your network periodically. Look for
surprising IP addresses.
You'll probably find misbehaving KaZaa servers to blame. They're very
bad about playing well on a network, and will happily saturate your