Articles

Slow Internet speed within LAN

April 23, 2009 at 19:35:33
Specs: Window XP, 512mb

This few months my company is having a slow internet speed no matter its downloading or uploading.I have already check with our ISP, they said that there isn't any problem with their line.I suspect someone within the company is downloading some movies using a p2p software or so. Do you guys know what kind of software that can detect which is jamming the line? Its better if its easy to use without many complicated settings. IF possible free or free trial.

Network structure.
ISP(provide 5 IP) > DSL Modem > Router (split to 5 IP. Different IP Address) >IP 1 (VPN=to block internet access) > Switchs1 and 2 > All PC(15.17.80.?) and (15.17.100.?) / IP 2,3,4 > Servers(15.17.?,?)

Computers.
Around 40 pc
Window Vista
Window XP
Window 2000
Window ME
Window 98
Window 95


See More: Slow Internet speed within LAN

Report •


#1
April 23, 2009 at 20:26:31

You have to use a sniffer like the free Wireshark.
But your switch needs to have a mirror port, to sniff the trafic. Otherwise, you will only get broadcasts sniffed by Wireshark or any other sniffer.

If you have any old HUB, you can connect between the router and the switch and connect the PC that should run the sniffer also to that hub, you'll get all trafic sniffed and can find out the guilty.

http://www.wireshark.org/

Please send a reply, if you solved the problem !!!


Report •

#2
April 23, 2009 at 23:04:50

1st thanks for the software.

2ndly i don't quite get it.(WireShark)

3rdly connect in between the router and switch?

If i connect in between the router and switch ill be connecting into the VPN Router.

If its possible could you teach me how to use wireshark's sniffer the easy way or step by step?


Report •

#3
April 24, 2009 at 02:48:16

Install wireshark
run it
capture-->interfaces
choose your active network adapter
click start
go to analyze--->display filters
click on "no arp"
click apply

then in the main screen watch all the protocols running if someone is downloading something you will see a fast stream of tcp data with descriptions like "next segment number 2324" etc etc.... should be obvious


Report •

Related Solutions

#4
April 24, 2009 at 07:54:35

1st thanks for the software.

2ndly i don't quite get it.(WireShark)

3rdly connect in between the router and switch?

If i connect in between the router and switch ill be connecting into the VPN Router.

If its possible could you teach me how to use wireshark's sniffer the easy way or step by step?

2) Download it and read through the manual for a better understanding of what it is, what it does, and how to do it

3) As paulsep said above:

"If you have any old HUB, you can connect between the router and the switch and connect the PC that should run the sniffer also to that hub, you'll get all trafic sniffed and can find out the guilty."

The reason being, a switch manages traffic intelligently. Which is to say, it sends traffic only to the port of the device said traffic is for. A hub on the other hand, broadcasts all traffic to all ports. This makes a hub the perfect device to use in combination with Wireshark to sniff packets and see who's doing what.

Simply put, if you put the hub in between your switch and your external connection then all external traffic will flow through it. If you connect your PC, or a laptop to that hub, and have Wireshark running on it, and run a packet capture. You can then after a short while, stop the capture and examine the packets. Find the ones with the data you think belongs to the P2P and check the IP address of it. Then go find the PC with that IP address and you should have your guilty party in hand.

With only 40 PC's though, it wouldn't take that long to go and have a look at the "Add/Remove Software" applet in the Control Panel of each for P2P software.


Report •

#5
April 24, 2009 at 08:02:44

One possible problem with the hub solution is that it will add some overhead maybe not enough to bother with though depeding on the size of network.

Report •

#6
April 24, 2009 at 10:26:47

@andynet

There is only a little bit of overhead because the hub is connected between the switches and the router.
So it doesn't matter.

Please send a reply, if you solved the problem !!!


Report •

#7
April 26, 2009 at 18:29:09

I've caught the culprit but i still don't know which PC because the IP is unknown to my given IP. Probaly someone changed the its own IP.
Thanks for the tips guys.

There is one more thing that i dont understand.
What is:
[TCP Segment of a resembled PDU] Green

49215 > HTTP [ACK] Seg=490 Ack =1693 Win=16685 [TCP CHECKSUM INCORRECT] Len=0 Black

QICQ protocol black

Source port:16001 destination port: 62934 (UDP CHECKSUM INCORRECT)

Whats does all this means? Its actually at my ip!


Report •


Ask Question