
how to diagnose abnormal network usage? (long post)


xpwj

Registered
Joined
Jul 23, 2003
Location
vancouver
I'm helping a small office with a server and 4 computers. They have been over their network usage for the 3rd month now; however, we can't find why the usage suddenly got so high in the last 3 months. Here is some data:

month of dec: daily usage was between 30mb to 90mb
08 jan: same as dec, 30mb to 90mb
08 feb: starting feb 6th, daily usage went up to about 300-500mb per day, all the way up to now.

Even on days with only 1 employer (the manager himself) the usage was about 400mb and he only checks email. I've checked that all 4 PCs are clean from spyware and viruses, no download programs, no games installed... I even installed Netlimiter to track the usage on all PCs but the number is very low. Has anyone ever come across this kind of problem? Also the ISP says 90% of the usage was download and very little upload. I don't see any unusual services running on the server either, but the usage is still very high. Does anyone have any suggestions on what to do?
 
You could use something like Network Probe to monitor all your traffic. They have a trial available, although I'm not quite sure what the limitations are. I've used the full version and it works very well.

There are also free utilities like WireShark/Ethereal, which can be used to capture everything on any interface you have.
 
To ratbuddy: no, there is no wireless router. Just the main switch, very simple network.

To Jon: I will give that a try. Do you know if that just needs to be installed on the server, or on the server + all PCs? And also, if I log off the server administrator, will it still run in the background? The problem I had with Netlimiter is that if I log in remotely to check and log off after, it won't be running anymore, so I have to leave the administrator logged on.

PS: thanks for the quick reply guys :beer:
 
Wireshark is for traffic capturing and can be on any system that has access to a port on your network. You set it to target the port and it will capture promiscuously. Downside is that the more traffic there is, the more you have to sift through and the capture files can get quite large. It's not something you want to run more than a few hours (during which times your bandwidth is at peak usage). You will also need to know how to analyze this captured data, although if it's something obvious, it shouldn't be hard to sift out.

Net Probe is easier and can run all the time, but as I said before, I don't know what their trial is like. I'm sure there are many other free ones available, just try a few and see what works. If you want something to run in the background, then you're going to have to limit your search to network monitoring services. Those might be a little more difficult to find for free.
 
If the switch is managed you should be able to see what ports have the most traffic to help identify what device is doing the downloading.
 
Well, I checked the WRT54G router that acts as the firewall just before going to the ISP modem. I checked the log file in the WRT54G and don't see any special or unusual IPs... At first the ISP suggested maybe someone was constantly watching YouTube while at work, but I only see a YouTube address popping up once in the whole week, so that's not it either. Strangely, the usage went down to 148 just the day before yesterday and 98 yesterday. Again, I have no idea why it just suddenly went down...
 

If I'm not mistaken, if you use a program like Wireshark or Ethereal on a computer on a switch, you're only going to capture broadcasts and inbound traffic on that port. You'll need a hub on the switch's uplink to the router if you want to capture all traffic.
 
Maxi! I'm gonna try disabling Windows Update on all client machines and the server and monitor for a few days!! Thanks!! :beer:
 
But to do it every day for how long? Kinda iffy that it's updates to me. I'm not leaving it out, but most people do them at 3AM; I usually do them at work because no one is there.
 
Managed switches usually allow you to set up a monitoring port, which has all traffic sent to it for just this purpose. You only get it on higher-level switches though.
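
Once a capture has been taken on a monitoring port or uplink hub as discussed in the thread, the large file can be reduced to a download total per LAN host instead of being read packet by packet. The following is an added example, not code from any poster: the function names, the `192.168.1.0/24` office subnet and the embedded sample capture are assumptions constructed for illustration, and it reads only classic pcap files with Ethernet framing and no VLAN tags.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed office subnet

def download_bytes_per_host(pcap: bytes, lan=LAN) -> Counter:
    """Sum bytes arriving from outside the LAN for each LAN host (classic pcap)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"   # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"   # file written big-endian
    else:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or too short to hold an IP header
        src, dst = ip_address(frame[26:30]), ip_address(frame[30:34])
        if dst in lan and src not in lan:
            totals[str(dst)] += orig  # wire length, even if snaplen cut the frame
    return totals

def _frame(src, dst, payload_len):
    # Constructed Ethernet + IPv4 frame with zeroed MACs, checksum and payload.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample_pcap() -> bytes:
    """Constructed capture: two LAN hosts, one of them doing most of the downloading."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [_frame("203.0.113.10", "192.168.1.10", 1400),
              _frame("203.0.113.10", "192.168.1.10", 1400),
              _frame("192.168.1.10", "203.0.113.10", 40),    # upload, not counted
              _frame("203.0.113.10", "192.168.1.20", 100),
              _frame("192.168.1.20", "192.168.1.10", 500)]   # LAN-internal, not counted
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for host, n in download_bytes_per_host(build_sample_pcap()).most_common():
        print(f"{host:15} {n} bytes downloaded")
```

A capture saved by Wireshark in pcapng format has to be re-saved as classic pcap before this parser will accept it.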
 