Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Need to know what is going on !!! 1

Status
Not open for further replies.
Alboy

Alboy

Technical User
Nov 19, 2002
23
0
0
CA
Hi, I am newbies with sniffer. On our network, we have around 130 users. We have a 10 mbs internet connection with 40 Gb data that we can download without extra cost. Last month, we downloaded 90 Gb of data, so we have to pay extra money to our provider. My boss wants to know who is donwloading what (mp3 and movies i guest). We have a Pix firewall 515e and a lot of Hp switch. How can i do that ???
Thank you !!!
 
Sort by date Sort by votes
To see all the traffic going to and from the internet, the most effective place to "sniff" is on the ethernet side of the internet connection. You can do this in a number of ways;
1. Place a hub in line between the switch and firwall. (If the connection is full duplex, this is generally not recommended!)
2. Mirror a port on the switch to the sniffer
3. Put a tap in line.
To see what people are actually viewing or downloading;
1. Filter on HTTP and ftp
2. Then from the captured decode screen do a search for *.mpeg, *.mp3, etc etc in the detail text.

There's plenty of software available to soley monitor internet traffic, and in some instances reconstruct it!
Alf
 
Upvote 0 Downvote
Thank's for reply.
Whitch software do you recommand me to use. Is there one free ? More technicaly, can i snif a ip address (internet gateway) or do i have to be more specific and sniff a particular port of my switch (using the mac address) ? In the capture screen, will i be able to see whom is downloadind mp3 and so on that we can ask them some explanation and maybe charge them for the extra?? What do you meen by put a tap in line ?? Thank you. Sorry for my english !!! [peace]
 
Upvote 0 Downvote
If the router goes straight into the switch, span this port to your Sniffer. Then sniff the mac address of your router. If you use the address book feature of sniffer you will see the users using the internet.
A tap is a passive (promiscous) devise enabling you connect between 2 devices for monitoring. These are very useful in full-duplex environments.
With regard to internet monitoring software try;
1. 2. 3. 4. There are thousands available.
Alf
 
Upvote 0 Downvote
try using an application called ntop, is a linux script that gives the basics, top talkers and amount of traffic to each, urls hit, things downloaded and all that sort of stuff, its quite good for an overview of what is happeneing on your WAN segments.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

waydown
  • Locked
  • Question
Is public address static or not
Replies
0
Views
75
waydown
waydown
TTjames
  • Locked
  • Question
NetSaint no longer online
Replies
0
Views
55
TTjames
TTjames
Oleg11
  • Locked
  • Question
remote access to the computer
Replies
0
Views
58
Oleg11
Oleg11
dustbuster
  • Locked
  • Question
How to sever client connection based on timeout or bandwidth
Replies
0
Views
56
dustbuster
dustbuster
shedlord2
  • Locked
  • Question
Best (simple) sniffer to use for detecting illegal filesharing on a network?
Replies
1
Views
73
fortunat
fortunat

Part and Inventory Search

Sponsor

Back
Top