Gregory Wood wrote:
Problem 1: I have a couple of sites, one with 30 users, another with 500 users. The switches are unmanaged. Occasionally, someone won't be able to log in or they will lose a network printer. I suspect one or more PCs are soaking up the bandwidth. Problem 2: I work with a local ISP. He has his system subnetted BUT there are still folks who find a 'free' IP and use it. When the owner of the IP fires up his system, he can't connect. Also, as above, he has seen the 'steady state' bandwidth increase but can't identify the users. He has Cisco switches and I would have thought they would have the tools to identify the user consumption. Apparently not. Is there a tool for monitoring who is using the bandwidth and with what MAC? I've used Ethereal but it generates way too much detail. I would like to load up a notebook and a hub and stick it between the server and the rest of the network or between the Internet firewall and the network. Ideas? Thoughts?
If the Ciscos are managed switches, try using MRTG to graph port usage. You should also be able to log on and show port info; check the docs for the switches' CLI. Haven't used Cisco switches here, but something along the lines of "show int" should get what you need.
For individual bandwidth usage on a local subnet, iptraf provides a neat glance at "real-time" usage. If you're on a switched network, you'll need some way to see all the traffic on the network. For 3Com switches, it's called something like the "roving analysis port" (better than using a hub near the firewall, just analyze the firewall's port). Iptraf will give a nice display of traffic in and traffic out, listed by MAC. Then it's just a matter of tracing down the MAC's location, and going to said location with a big stick in hand :-)
You might also want to nmap your network periodically. Look for surprising IP addresses.
You'll probably find misbehaving KaZaA servers to blame. They're very bad about playing well on a network, and will happily saturate your bandwidth.
--Rich
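
A lighter-weight alternative to reading a full Ethereal decode, as an added example that is not part of the original messages: it reads a classic pcap file (for instance one written with `tcpdump -w` on the mirrored port) and reports bytes sent per source MAC plus any IP address claimed by more than one MAC. The function names, MAC addresses and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def analyze(pcap):
    """Return (bytes sent per source MAC, IPs claimed by more than one MAC)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    usage, claims = defaultdict(int), defaultdict(set)
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[pos + 8:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 14:
            continue
        src = frame[6:12].hex(":")
        usage[src] += orig  # wire length, so a short snaplen does not skew totals
        if frame[12:14] == b"\x08\x00" and len(frame) >= 30:    # IPv4 source address
            ip = frame[26:30]
        elif frame[12:14] == b"\x08\x06" and len(frame) >= 32:  # ARP sender MAC and IP
            src, ip = frame[22:28].hex(":"), frame[28:32]
        else:
            continue
        if ip != bytes(4):  # 0.0.0.0 is DHCP/ARP probing, not a claimed address
            claims[".".join(map(str, ip))].add(src)
    conflicts = {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}
    return dict(usage), conflicts

def sample_capture():
    """Constructed capture: host b announces (via ARP) the IP host a is using."""
    def eth(src, dst, etype, payload, wire_len):
        frame = bytes.fromhex(dst) + bytes.fromhex(src) + etype + payload
        return struct.pack("<IIII", 0, 0, len(frame), wire_len) + frame
    def ipv4(src_ip):
        return bytes(12) + bytes(src_ip) + bytes(4)
    def arp(mac, ip):
        return bytes(8) + bytes.fromhex(mac) + bytes(ip) + bytes(10)
    a, b, gw = "020000000001", "020000000002", "0200000000fe"
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join([
        eth(a, gw, b"\x08\x00", ipv4([192, 0, 2, 10]), 1514),
        eth(a, gw, b"\x08\x00", ipv4([192, 0, 2, 10]), 1514),
        eth(b, gw, b"\x08\x00", ipv4([192, 0, 2, 20]), 60),
        eth(b, "ffffffffffff", b"\x08\x06", arp(b, [192, 0, 2, 10]), 60),
    ])

if __name__ == "__main__":
    print(analyze(sample_capture()))
```

Redundant gateways that share a virtual IP will also show up as a conflict, so check the reported MACs against known infrastructure before chasing a user.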