Local Subnet Traffic Monitor

February 12, 2009 at 06:27:16
Specs: Windows Vista 64, E8400
Hi Guys:

Setup as follows:
PCs <--> Wireless Router <--> Modem <--> ISP

I have control up to the ISP level.

I am getting an issue where one of the PCs in the subnet is consistently generating a lot of traffic that is clogging up the bandwidth. Without further information, it is near impossible to point a finger at any one of the computers.

I would like to set up some kind of monitoring using consumer grade products (i.e. no commercial grade expensive switches, routers, etc.). I delved into the articles about port mirroring, packet sniffing... but these are not possible in the consumer grade hardware these days, especially as nobody sells a hub anymore (otherwise my original idea was to use a hub between router and modem to do packet sniffing).

Any suggestions on how I can approach monitoring the traffic? I will appreciate your response beforehand.

p.s. On the side unrelated to the question, if anybody can tell me why nobody sells a hub anymore and what product has replaced it I'd be interested.

Thanks guys.


February 12, 2009 at 07:02:20
Wireshark will do all the packet sniffing without buying any commercial grade hardware. It will work on your current network.

Switches have replaced hubs but you don't need one.


February 12, 2009 at 07:22:41
I am aware of the Wireshark software; however, what troubles me is that if the packets are not broadcast to all the ports (exactly the case with routers and switches because of their smart logic) there is no telling what's going out the router. As a result, even though one has the software, you can't do any monitoring.

If you can, can you provide the setup and/or tutorial links? (I did google but did not find anything relevant.)


February 12, 2009 at 08:11:58
I would like to suggest there may be less complicated ways of tracking down the bandwidth hog.

Look at your router. My SOHO router lists packets sent/received on each port along with error count.

Otherwise if you had a managed switch you could see the same stats also.

It is very easy then to see who is doing the most transmitting.


February 12, 2009 at 15:54:17
It took me some time to get the hang of Wireshark too. Promiscuous mode should capture anything on the network or you can use host $IP_address$ as the capture filter. Replace that $IP_address$ with the IP of the computer that you think is overloading the network.

Of course, if you can find an easier way, as wanderer suggested, by all means, do it.
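
Once a capture exists, ranking hosts by byte count answers the original question directly. The following is an added example, not part of any post in this thread: it reads a capture saved in classic pcap format (not pcapng) and totals bytes per LAN host. The subnet 192.168.1.0/24, the function names and the three sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def top_talkers(pcap_bytes, lan="192.168.1.0/24"):
    """Total bytes sent plus received per LAN host in a classic pcap capture."""
    net = ipaddress.ip_network(lan)  # assumed home subnet, adjust to yours
    if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap_bytes[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    totals = Counter()
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        # IPv4 source is at bytes 26-29 of the frame, destination at 30-33
        for raw in (frame[26:30], frame[30:34]):
            ip = ipaddress.IPv4Address(raw)
            if ip in net:
                totals[str(ip)] += orig_len  # on-the-wire size, not snap length
    return totals

def sample_pcap():
    """Constructed three-frame capture for illustration, not real traffic."""
    def record(src, dst, wire_len):
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        return struct.pack("<IIII", 0, 0, 34, wire_len) + eth + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 34, 1)
    return (header
            + record("192.168.1.10", "203.0.113.5", 1500)
            + record("203.0.113.5", "192.168.1.10", 1500)
            + record("192.168.1.20", "203.0.113.5", 60))

if __name__ == "__main__":
    for host, nbytes in top_talkers(sample_pcap()).most_common():
        print(f"{host:15} {nbytes} bytes")
```

The totals only cover frames the capturing interface actually received, so the ranking is as complete as the capture point's view of the network.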
