I have a small Network at my office, all done by myself with my limited knowledge. I have 9 systems connected thru physical LAN and 1 laptop connected through Wireless (from my internet router)
I have distributed the internet connection openly, not using a proxy server. Anyone plugs in will get Internet on their system through the DHCP.
Recently I found that internet usage been crossing the limits. I am looking for a cheap solution to sniff/monitor internet/bandwidth usage system wise.
My LAN architecture goes like this...
I have a internet router (Linksys/Cisco WRT 120N) from which the cable goes to an un-managed 8 port switch.
I have three different areas in my office, so I pulled single cable to each of these areas and there I used another un-managed 8 port switch to distribute the LAN to the systems. All the three areas I did like this.
If I am right, bcs of my architecture pattern I dont think I can use a managed switch to capture Internet traffic, which captures the traffic port wise. I want to sniff the traffic by the IP or MAC address wise of the systems.
You can use a managed switch to capture the traffic you just have to put it in the correct location. You would want this to replace the switch that is just before your router. You would then capture traffic on the line going to the router.
This is the simplest method but the output from wireshark sometimes too detailed so you end up processing huge amounts of data. I would still recommend you go this route and spend the time to learn wireshark well.
Another method commonly used is to place a linux based machine between the top switch and the router. You could then see the traffic like wireshark or you could use something like a transparent squid proxy. This tends to be the next step most people have to take after they capture data. You will find out who is doing stuff but you have no way to stop them. You end up putting in a device like this to act as a form of firewall to filter traffic.
A last option that is used for longer term reporting is to run netflow. This again can be captured by a inline machine or you can run it on some routers, ones that run dd-wrt can generate a form of netflow. This is a simplified version of the capture data you can get with a sniffer.
Still when it comes down to is your problem is a people problem and not technical. If these are employees maybe a reminder that if you catch them doing stuff that is not allowed they are out the door.