The search for out Bandwidth

Printable View

11-09-2010, 04:28 PM
Gingbeard

The search for out Bandwidth

Hi all,
I'm back after a long break from backtrack.
Originally I used it to prove how insecure our WEP network was! but now I have a new problem that I hope Backtrack can help me with.

Our office consists of many PC's, using D-Link Switches to connect to our router using ethernet (we binned wireless).

recently out network has been sapped at seemingly random intervals during the day. With pings to bbc reaching 1500ms. My aim is is to pinpoint where the bandwidth is going! and to which PC.

Is there a way that backtrack can help me with this. A solution or a point in the right direction would be much appreciated and lesson my time on google.
11-09-2010, 05:06 PM
Citruspers

Re: The search for out Bandwidth

First thing that comes to mind is placing a hub between the main line to the router and the router itself, and connecting to that hub with a PC running Wireshark. That allows you to see what everyone is doing. My guess: employees on youtube.

Also, it's probably illegal to sniff traffic without informing your employees.
11-09-2010, 06:38 PM
MS3FGX

Re: The search for out Bandwidth

What kind of router is it? Are we talking about a serious router (I.E. something running IOS) or just a consumer grade "wireless router" type device? If the latter, is it a model compatible with a more complete firmware like DD-WRT, which could be used to do more advanced traffic analysis?

If you can't do anything from the router, you will have to somehow get in between the computers on the network and the router. I would use an Ethernet tap personally, but if you don't have one, a hub will work like Citruspers explained in his post.

Alternately, if you got a box with two network cards running BT, you could route traffic directly through the machine. You could also attempt to ARP spoof the network and redirect all requests for the router to go to your machine first, then forward them along to the router and ultimately the Internet. In either of those scenarios, all traffic on the LAN would go directly through the machine running BT, so you could do any kind of analysis (or blocking, for that matter) you wish.
11-09-2010, 10:16 PM
lupin

Re: The search for out Bandwidth

I would hazard a guess that there are many better choices of system to troubleshoot a network connectivity/performance problem than BackTrack, which is after all primarily a penetration testing distribution. I'd suggest you post this question at a forum dedicated to network issues, or otherwise research in that direction. Laura Chappell's various sites have some good information on network troubleshooting (often using Wireshark), so maybe you should start Googling in that direction.

This is not really a suitable topic for this forum.