3

We dont have to many restrictions on the net in our domain right now. Normally its fine (we use fiber. 20 down and 35 up) with 40 users this isnt normally a big deal.

Every now and again the bandwidth does spike though and I need to be able to monitor whos using the most bandwidth to give in reports/restrict that user more if needed.

do you guys have any sugguestions on software or settings I can do this for?

Our domain has 2 DNS servers that the traffic is filtered through and our main firewall is an ASA5505. We use spiceworks so i've been thinking that maybe an addon that would do this would work.

Thanks for the help!

Lbaker101
  • 309
  • 2
  • 8
  • 18
  • Define "user". Is it a machine, a web server process, a virtual host, or just a website? – Aaron Sep 15 '11 at 02:41

2 Answers2

5

You might be able to use Netflow on the ASA 5505 to export traffic flow information to a Netflow collector. I think you need version 8.2 on the ASA in order to configure Netflow.

Barring that, you could set up a SPAN port on your switch (if you have a switch that supports port mirroring/monitoring) to mirror/monitor the port that uplinks to your firewall/router, install PRTG on a monitoring workstation, set up a packet sniffer sensor in PRTG, and plug the monitoring station into the monitor port on the switch. This is what I do in my office. It's cheap and dirty but it does the job.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
0

The easiest way would be to monitor the ports on all of your switches using Cacti or some other MRTG type system. That way you can how much traffic each port is doing and narrow it down.

You'll see lots of local traffic as well, but you should be able to match the spike on the internet port with the spike on one of your switch ports.

Alo
  • 240
  • 1
  • 7