
I have a LAN which has about forty wired clients and a few wireless clients connecting to a server running Server 2012. All clients can connect either wirelessly or wired, depending on whether or not there is a convenient network port within two metres. The setup is as follows. The phone line comes in to the DSL router, which then plugs in to NIC#1 on the server. A line runs from NIC#2 to a switch, which then branches out to two other switches (and from there, wall sockets) and a WAP.

#
#
#---DSL Router---(NIC#1)Server(NIC#2)---SWITCH1---SWITCH2---SWITCH3---WAP
#
#

Every user/machine is authenticated by Active Directory and users do not have software install privileges (although they can bypass it in VMs if they have the tech know-how, I suppose). I want to know how I can monitor the bandwidth on each client/user, as my boss is complaining that his IT provider is giving him grief for exceeding their 'fair usage' policy. Not sure what is sucking all that data; Wireshark hasn't been much help in IDing any rogue programs as yet, but I'm sure if I can tie it down to a single PC (or two), I can investigate further.

This will need to be achieved by running software on the Server 2012 machine. Any ideas?

Thanks, Mark

  • Your Wireshark packet capture, if performed on the internal interface of your server, can help you identify the systems that are sending the most data. Beyond that, you're looking at installing and configuring something like Cacti to monitor your switch ports. – EEAA Oct 07 '15 at 14:56
  • I tried to run 'perfmon' and set up counters showing the live network adapter bandwidth per networked PC, but am getting various errors such as 'cannot load counters' even if I run it from an administrator command prompt... – Mark Oct 07 '15 at 15:43
  • How might I configure Wireshark to display bandwidth per IP address? – Mark Oct 07 '15 at 15:59
  • Buy a proper router like a MikroTik 951, which will give you proper statistics and graphs and can also forward NetFlow packets. Terminate the PPP from the DSL modem on the router. – sivann Oct 07 '15 at 16:13
  • Okay, I read up a little on the other functions of Wireshark and ran it for an hour, used up about 4 GB transferred, so definitely something squirrelly. Under 'Protocol Hierarchy' it gives me 24% of bytes as SSL connections, 5% of bytes transferred over something called QUIC and 1% of bytes over HTTP. Don't understand why it doesn't add up or what the hell is causing all these QUIC packets... Google didn't help. Any ideas? – Mark Oct 08 '15 at 10:17
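
One way to get the per-IP totals asked about in the comments, as an added example that is not part of the original thread: export the capture taken on the internal interface (NIC#2) with tshark, then sum bytes per LAN client for traffic that crosses the LAN boundary. The LAN range `192.168.1.0/24`, the file name `capture.pcapng` and the sample rows are assumptions; Python being available on the analysis machine is also assumed.

```python
import csv
import ipaddress
from collections import defaultdict

# Assumed LAN range behind NIC#2; the thread does not state the addressing.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample of the CSV produced by (capture.pcapng is a placeholder):
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e frame.len
#          -E separator=, -E occurrence=f
SAMPLE = """\
192.168.1.23,203.0.113.10,1514
203.0.113.10,192.168.1.23,60
192.168.1.40,198.51.100.7,1292
192.168.1.23,192.168.1.1,900
,,42
198.51.100.7,192.168.1.40,1514
"""

def bytes_per_client(rows, lan=LAN):
    """Map each LAN client IP to [bytes sent out, bytes received]."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.reader(rows):
        if len(row) != 3 or not row[2].isdigit():
            continue  # malformed or truncated export line
        try:
            src = ipaddress.ip_address(row[0])
            dst = ipaddress.ip_address(row[1])
        except ValueError:
            continue  # non-IPv4 frames (ARP, IPv6) export with empty fields
        src_in, dst_in = src in lan, dst in lan
        if src_in == dst_in:
            continue  # LAN-to-LAN (e.g. file shares on the server): not ISP usage
        size = int(row[2])
        if src_in:
            totals[str(src)][0] += size   # client -> Internet
        else:
            totals[str(dst)][1] += size   # Internet -> client
    return dict(totals)

def top_talkers(totals, n=10):
    """Clients sorted by combined bytes in both directions, largest first."""
    return sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)[:n]

if __name__ == "__main__":
    for ip, (sent, received) in top_talkers(bytes_per_client(SAMPLE.splitlines())):
        print(f"{ip:15}  sent={sent:>10}  received={received:>10}")
```

With DHCP in use, match the top addresses to machine names using the lease list for the capture period, since an IP can move between PCs.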

0 Answers