Need computer to monitor all network traffic.

Ballbreaker

Reputable
Nov 10, 2016
8
0
4,510
We have a 60 Mbps internet connection feeding a router. The router then feeds a switch on each floor of a 7-floor condo building. Currently all 65 condos receive full bandwidth, so service is great except when one of a very small minority decides to hog bandwidth. We want to use a computer to run Wireshark or similar software to help identify bandwidth hogs by IP address.

What spec computer do I need to monitor all traffic on a 100 Mb CAT 5 LAN?
 
To monitor Internet traffic, a hardware firewall should do the job, since it SITS exactly on top of the Internet pipe. Its logging capability should have what you need. Perhaps one of those Internet appliances (USD $150-$500) plus a 65-user license. Or you can build your own out of pfSense, I hear.

Now, to be one step ahead of the game, once you find out who, what are you going to do about it? How about a load balancer? So you can say, when congested, no single user can take more than 1/65 of the total bandwidth?
 
Monitoring bandwidth and shaping it are two very different things. You could use port mirroring on a switch to capture what people are up to, but you couldn't limit it. The solution above is correct. pfSense handles this scenario very well, and an old PC can be re-tasked to run it. Just limiting bandwidth isn't ideal as it isn't very efficient; pfSense will allow limiting with queues so that people can use the total available bandwidth rather than a fixed division of the whole.
 
The above recommendations are good, but as a different, maybe simpler option for how you use Wireshark: you can insert some form of managed or smart switch between your router and the remote switches. It needs to have the ability to use mirror/monitor, or whatever they call the ability to copy all the data to a second port that you have a monitoring PC connected to.

Still, I suspect your larger problem is only having 60 Mb of internet. It may not be just one or two people doing this. The use of sites like Netflix and other streaming video is huge. It does not take many people deciding they want to watch a movie after work to wipe out an internet connection. It is not uncommon for multiple people in the same house to be watching different movies at the same time.

You really need the ability to guarantee at least 5 Mb minimum to each, which means your internet needs to be closer to 300 Mb. That will not last long though as the popularity of 4K movies increases. Those take 20 Mbit on Netflix.
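A worked version of what the PC on the mirror port would actually do, added here as an example and not code from the thread: a small pure-Python reader for classic pcap files (the format Wireshark and tcpdump save) that charges every frame's on-the-wire length to the condo-side address, so the hog shows up at the top of the list by IP with its approximate rate. The address range 192.168.1.0/24 and the sample frames are constructed assumptions; on a real capture saved from the mirror port it would be run as `python3 top_talkers.py capture.pcap`.

```python
"""Rank condo-side hosts by bytes seen on a mirror-port capture (added example)."""
import ipaddress
import struct
import sys
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, payload_len, proto=6):
    """Minimal Ethernet + IPv4 frame (constructed test data, not a real capture)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed,
    )
    return eth + ip_hdr + b"\x00" * payload_len


def build_pcap(records):
    """records: iterable of (ts_sec, frame). Returns the bytes of a pcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts_sec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (ts_sec, orig_len, frame_bytes) for each record of a classic pcap."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:      # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, orig_len, data[off:off + incl_len]
        off += incl_len


def bytes_per_host(data, local_net):
    """Charge each frame's wire length to the condo-side address.
    Returns (download_bytes, upload_bytes, capture_duration_seconds)."""
    net = ipaddress.ip_network(local_net)
    down, up = defaultdict(int), defaultdict(int)
    first = last = None
    for ts, wire_len, frame in iter_pcap(data):
        first = ts if first is None else first
        last = ts
        # Skip ARP, IPv6 and truncated frames: only IPv4 carries the addresses we key on.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if dst in net:
            down[str(dst)] += wire_len
        if src in net:
            up[str(src)] += wire_len   # condo-to-condo traffic is charged to both ends
    duration = max(1, last - first) if first is not None else 1
    return dict(down), dict(up), duration


def top_talkers(data, local_net, n=5):
    """Return [(host, down_bytes, up_bytes, avg_mbps)] sorted busiest first."""
    down, up, duration = bytes_per_host(data, local_net)
    rows = []
    for host in set(down) | set(up):
        total = down.get(host, 0) + up.get(host, 0)
        rows.append((host, down.get(host, 0), up.get(host, 0), total * 8 / duration / 1e6))
    rows.sort(key=lambda r: (-r[3], r[0]))
    return rows[:n]


# Constructed sample: one condo pulling three full-size frames from a video server,
# a second condo sending one small frame, and an IPv6 frame that must be ignored.
UPSTREAM = "203.0.113.5"   # assumed internet-side address
SAMPLE_PCAP = build_pcap(
    [(100 + i, build_frame(UPSTREAM, "192.168.1.10", 1466)) for i in range(3)]  # 3 x 1500 B down
    + [(103, build_frame("192.168.1.10", UPSTREAM, 26))]                         # 60 B up
    + [(105, build_frame("192.168.1.20", UPSTREAM, 66))]                         # 100 B up
    + [(110, b"\x00" * 12 + struct.pack("!H", 0x86DD) + b"\x00" * 46)]          # IPv6, skipped
)

if __name__ == "__main__":
    capture = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for host, d, u, mbps in top_talkers(capture, "192.168.1.0/24"):
        print(f"{host:16} down={d:>10} B up={u:>10} B avg={mbps:.3f} Mbps")
```

The rate column is an average over the whole capture, so a short capture taken while the complaint is happening is more useful than a long one; Wireshark's own Statistics > Conversations view gives the same per-IP totals interactively.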
 
As stated above, port mirroring will only allow you to monitor, as the traffic doesn't pass through the port. 60 Mb is indeed an issue even with contention. 65 condos? Even with just a couple in each, not counting children, it's a push.

Do you sell this service to the inhabitants? What sort of security do you have on the switches or router to prevent condo 1 seeing information from condo 30?

I'm sticking with pfSense as a solution to all the problems you are facing, but I would be interested in how you are trunking the switches on each floor. Is this just a flat topology?

pfSense would allow you to segregate the network to provide better security and reduce network overhead, thus preserving bandwidth. It would allow you to control user bandwidth so that when few people are consuming bandwidth they can share the 60 Mb, but when saturated a fair use policy is in effect. The point of the queues is that instead of a flat 1 Mb per user limit, it round-robins the bandwidth so that it dynamically bursts connections. This way the full force of the limit is rarely felt.

If you are selling the service make it worthwhile, charge extra and bring in a second 60Mb line!
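The contrast drawn in the two posts above between a flat per-user cap and queues that share the link dynamically, as an added example that is not part of the thread: the "queues" behaviour is modelled here as max-min fair sharing by progressive filling, which is what a fair queue with equal weights converges to. The 60 Mbps link and the 65 condos are taken from the thread; the per-condo demand figures and names are made up for the illustration.

```python
"""Flat per-user cap versus max-min fair sharing of one uplink (added example)."""
from typing import Dict

LINK_MBPS = 60.0   # the building's uplink, from the thread
CONDOS = 65        # seats the flat cap is divided among, from the thread


def fixed_split(demands: Dict[str, float], capacity: float, seats: int) -> Dict[str, float]:
    """Static cap: every user is held to capacity/seats whether or not anyone else is online."""
    cap = capacity / seats
    return {user: min(want, cap) for user, want in demands.items()}


def max_min_fair(demands: Dict[str, float], capacity: float) -> Dict[str, float]:
    """Progressive filling: each round, split what is left equally among users whose
    demand is not yet met; anyone who needs less than the share takes only what they
    need, and the leftover is redistributed in the next round."""
    alloc = {user: 0.0 for user in demands}
    pending = set(demands)
    remaining = float(capacity)
    while pending and remaining > 1e-9:
        share = remaining / len(pending)
        for user in sorted(pending):          # sorted() copies, so discarding below is safe
            give = min(share, demands[user] - alloc[user])
            alloc[user] += give
            remaining -= give
            if demands[user] - alloc[user] <= 1e-9:
                pending.discard(user)
    return alloc


def quiet_evening():
    """Three condos online; one renter pulling 40 Mbps. Constructed demands."""
    demands = {"renter_hog": 40.0, "condo_a": 5.0, "condo_b": 3.0}
    return fixed_split(demands, LINK_MBPS, CONDOS), max_min_fair(demands, LINK_MBPS)


def saturated_evening():
    """Twenty condos streaming HD (5 Mbps each) plus the same 40 Mbps hog. Constructed."""
    demands = {f"condo_{i:02d}": 5.0 for i in range(20)}
    demands["renter_hog"] = 40.0
    return fixed_split(demands, LINK_MBPS, CONDOS), max_min_fair(demands, LINK_MBPS)


if __name__ == "__main__":
    for name, (fixed, fair) in (("quiet", quiet_evening()), ("saturated", saturated_evening())):
        print(f"{name}: flat cap uses {sum(fixed.values()):.1f} Mbps, "
              f"fair queue uses {sum(fair.values()):.1f} Mbps, "
              f"hog gets {fixed['renter_hog']:.2f} vs {fair['renter_hog']:.2f} Mbps")
```

On the quiet evening the flat 1/65 cap throttles everyone to under 1 Mbps on a mostly idle link, while fair sharing lets all three have what they asked for; on the saturated evening the flat cap leaves about two thirds of the link unused, while fair sharing fills it and the hog ends up with exactly the same slice as each streaming condo.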
 

We have decided against a hardware solution because we need a new computer for extracting billing info from the PBX system and thought it could do double duty with network issues.

Our router has bandwidth management using rate control (by IP address or services) and priority (for services) management, so we will use one of those options.
 

Are you talking about one of the older Intel Pentium 2 cores or one of the i3 series?
 

I like the idea of a managed switch after the router.

The 60 Mbps service is adequate for the demographics of our building, which is located in a foreign country. Generally speaking we usually don't have problems, but we want to streamline troubleshooting to ID the condo by IP address.

 

The 60 Mbps service is adequate for the demographics of our building, which is located in a foreign country, and has been adequate for several years. It's rare that we have a problem.

In a way we are selling the service, but it's at cost. Since we are a condo association, it's considered a common service and the cost is passed on to the condo owners. At current exchange rates it costs each owner $5 a month.

We have a switch (unmanaged) on each floor, and I thought switches routed traffic based on NIC address, which should prevent condo 1 seeing condo 30's traffic.

Our router has bandwidth management using rate control (by IP address or services) or priority (for services) management. In the past bandwidth management has never been used, but we are now considering which options we will use.
 


If the topology is flat, i.e. running on unmanaged L2 switches, there is nothing segregating one condo from the next. What router do you use on the incoming line before it is distributed to the switches on each floor? What IP scheme is being used?
 

Bruce Geng

Honorable
Jul 4, 2013
32
0
10,560
No core layer-3 switch? The best solution is to set up a mirroring port on the switch, and run Wireshark or "WFilter" on a PC connected to the mirroring port to monitor clients' bandwidth.

However, since you do not have a manageable switch, you have three solutions:
1. Set up a Windows network bridge, connected between your router and the first switch. So you can run a program on the Windows PC for monitoring.
2. Set up a Linux network bridge, with some firewall firmware, like "WFilter NG firewall" or pfSense.
3. Get a manageable switch.


 

Incoming lines (two 30/5 Mbps lines) are connected to a Linksys RV082 dual-WAN 8-port router. The router is configured to load balance between the incoming lines. The DHCP server is enabled, but going to static addresses is being considered.

I think with a managed switch after the router we will be able to monitor traffic and ID which IP and type of service is hogging bandwidth. We would then try some of the QoS features in the router to minimize the problem.

It's been over a year since we had this problem, and it's usually caused by a renter.
 


So every user is in fact on the same subnet; this is not a good idea as far as security is concerned. You really should break it up using VLANs. It's a paid-for service; you have a duty to your customers. What would you think if your neighbors could see your devices, have the ability to sniff packets, etc.?
 

I finally see what you're talking about. I downloaded nmap, scanned the network, and I can see every condo. I checked the router and found it has a VLAN setting for each port, and the 7 ports that feed the seven floors were set to the same VLAN, so I gave each port a different VLAN number. Now the condos on the same floor can see each other but cannot see condos on different floors.
Are managed switches the only option for each floor to prevent condos on the same floor from seeing each other?
Does having different VLANs assigned help speed traffic flow on the network?

Nigelivey thanks for all the useful information. If you have any further comments please share because I am a network newbie and learning on the fly.