Need help to monitor internet usage in my LAN

shejin

New Around Here
Hi,

I have a small network at my office, all done by myself with my limited knowledge. I have 9 systems connected through physical LAN and 1 laptop connected through wireless (from my internet router).

I have distributed the internet connection openly, not using a proxy server. Anyone plugs in will get Internet on their system through the DHCP.

Recently I found that internet usage has been crossing the limits. I am looking for a cheap solution to sniff/monitor internet/bandwidth usage system wise.

My LAN architecture goes like this...
I have an internet router (Linksys/Cisco WRT 120N) from which the cable goes to an un-managed 8 port switch.
I have three different areas in my office, so I pulled a single cable to each of these areas and there I used another un-managed 8 port switch to distribute the LAN to the systems. All the three areas I did like this. Please find the graphical pattern attached.

If I am right, because of my architecture pattern I don't think I can use a managed switch to capture Internet traffic, which captures the traffic port wise. I want to sniff the traffic by the IP or MAC address of the systems.

Suggestions/help will be much appreciated !!

Thanks in advance..
Shejin Thamby
 

Attachments

  • LAN Pattern.png
You will find that "sniffing" traffic will overwhelm you with data. What kind of information are you looking for and what controls do you want?

An easy first step is to switch to OpenDNS for DNS. You can do this at the router level. Then block port 53 at the router so that users cannot set their own DNS servers.
https://www.opendns.com/business-solutions/premium-dns/benefits/
 
You could beef up the router and get one to control and monitor packets (data coming in and out). You can see who's accessing social networks, etc. Block IPs or web sites you don't want these 9 systems to access. Another way is to block the sites through Group Policy or use one PC as


Kerio Control Web Filter


Kerio Control Web Filter service prevents users from visiting websites that are known to contain malicious content, including viruses, spyware, Trojans, or web pages that engage in phishing attacks or online identity theft.

Kerio Control Web Filter, integrated as a security service in Kerio Control, organizes sites into 141 different categories of web content. Administrators block or log access to sites based on specific content categories.

http://www.kerio.com/control/user-management/web-filter

Kerio Control Statistics
Network statistics
and user-based reporting

http://www.kerio.com/control/user-management/statistics-reporting
 
It is a big job

Hi: I am using a Cisco SG 200-08 smart switch to monitor LAN traffic to the internet. It does work perfectly and it does produce a lot of data. Wireshark is the software (free) of choice. I am still looking for a way to convert the Wireshark file output from binary format to text so that I can determine the traffic action for each IP on my LAN. We use a satellite ISP and need to control traffic levels to avoid additional charges.

Our WAN LAN connections are as follows: The satellite dish is connected to a Surfbeam modem connected to the WAN port of a Netgear 3700 router. LAN port 1 of the router is connected to LAN port one of the smart switch and LAN port 1 of the smart switch is MIRRORED to LAN port 8 of the smart switch. LAN port 8 of the smart switch is connected to the second NIC card in my PC. Wireshark monitors that second NIC in my PC. All of the other devices on our LAN are connected to the smart switch directly or through other unmanaged switches. There are 17 devices connected to our LAN. All NICs, switches and routers are gigabit devices. LAN port one of the smart switch is set to 10/100 speed to limit the transfer rate attempted on the satellite up-link.

Wireshark has excellent filtering abilities on capturing and a very good file system for recording captures. One needs to be able to process those files automatically every day so as to not consume the HD space on the monitoring system and to get useful data from the exercise. I plan to use Liberty Basic to process the capture files and then delete them daily once I learn how to convert the Wireshark *.pcap to *.txt files.

I look forward to hearing about how you succeed with this task and about any other suggestions members may have. George5164
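
For the pcap-to-text step raised in the post above, an added example (not part of the original thread): a Python function that reads a capture file taken on a mirrored port and totals internet-bound bytes per LAN address. It assumes the classic .pcap format (not pcapng), Ethernet framing, IPv4 only, and a LAN of 192.168.1.0/24; the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet, change to match yours

def usage_per_host(pcap_bytes, lan=LAN):
    """Return {lan_ip: [bytes_sent_out, bytes_received]} for traffic crossing the LAN edge."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian usec / nsec
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian usec / nsec
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals = defaultdict(lambda: [0, 0])
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Need 14 bytes of Ethernet + 20 of IPv4; ARP, IPv6 and VLAN-tagged frames are skipped
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src in lan and dst not in lan:      # upload: LAN host to internet
            totals[str(src)][0] += orig_len    # orig_len = size on the wire, even if truncated
        elif dst in lan and src not in lan:    # download: internet to LAN host
            totals[str(dst)][1] += orig_len
    return dict(totals)

def sample_capture():
    """Constructed three-frame capture (not real traffic): upload, download, LAN-to-LAN."""
    def frame(src, dst, orig_len):
        ip = b"\x45" + b"\x00" * 11 + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
        data = b"\x00" * 12 + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(data), orig_len) + data
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + frame("192.168.1.10", "203.0.113.5", 1500)
            + frame("203.0.113.5", "192.168.1.10", 900)
            + frame("192.168.1.10", "192.168.1.20", 400))

if __name__ == "__main__":
    for host, (up, down) in sorted(usage_per_host(sample_capture()).items()):
        print(f"{host}\tup={up}\tdown={down}")
```

To process a real capture, pass `open(path, "rb").read()` to `usage_per_host`; the tab-separated lines it prints can then be written to a daily text file before the capture is deleted.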
 
