Over 1 million tech questions and answers.

network traffic analyzer

Q: network traffic analyzer

I'm looking for a good network analyzer software that allows me to monitor the network. maybe have some features on discovering devices, ports, bandwidth in a certain amount of time, etc. Thanks.

Preferred Solution: network traffic analyzer

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: network traffic analyzer

That would depend on the network topology. Any global network monitoring will have to be done with access to a common point where all the traffic converges. Addressed traffic between workstations will go directly between them via any switches and gateways in the path, so you can't do this with just a workstation.

Read other 1 answers

I want to capture both local and network traffic for connections and disconnections unrelated to http
Capture filter "(tcp.RST || tcp.SYN) && tcp.Port != 80 && tcp.Port != 443"

I found that I can do one or the other, but when I add both below, I capture neither ???
>> What is the trick to capturing both ?

Read other answers

My network seems to be slowing way down. I have basic networking knowledge and moderate Server knowledge. I, however, do not have very good analyzer skills.

Just like how we have an awsome sticky on RAID, I was wondering if we could have one on analyzing tools.

Personally I am looking for something either built into Server 2003, downloadable form Microsoft, or even free or expensive software that lets me monitor my network for traffic problems.

I am getting lots of users who are connected to a database on our server, and about every 5 minutes it looses the connection. I am trying to track the problem and don't know where to start.

Read other answers

Hi everyone!!!

I've been tasked with running message analyzer to determine if data is encrypted from an endpoint. We are using MBAM and want to ensure that any data sent to MBAM application server is encrypted. Now, we know it is via https, but, we still need to verify this
(for audit purposes).

Can anyone provide some insight as to how I could use microsoft message anaylzer (or perhaps something better) ?

We are planning to run a capture for 24 hours. We also want to ensure data is encrypted from app server to sql server. 

Thanks all! 

Read other answers

Hi guys,

I hope you guys could provide me with a few sites on

Traffic Generator Functions or Performance Analyzer

these are for networking, layer 1 and layer 2 switches
I cant seem to find any, so i hope you guys could help me out

Read other answers

I keep getting this alert despite the amount of resources that I add to my Gateway.  
Our DC and Gateway are running virtually in VMware.  Distributed Virtual Switches are not an option so I have to resort to configuring Promiscuous Port Group.  
I configured a Promiscuous Port Group on the same Virtual Switch that the DC (and the rest of our servers) is connected , and assigned it the same VLAN ID as the DC. 
ATA is capturing and reporting traffic but I continually receive an alert for some network traffic is not being analyzed.  I have thrown double the resources at our Gateway's
than what the sizing tool identified, and still receive this alert.  At this point I have 24GB of RAM and 10 Cores allocated to my Gateway which is only capturing reporting on 1 DC.  At this point I am about ready to scrap ATA because of how resource
intense it is.  
Any ideas or suggestions?  Does it sound like I have the Promiscuous Port Group configured correctly, or is it possible that I am capturing ALL traffic for the VLAN assigned?  

Read other answers

I've used Message Analyzer in the past to decrypt HTTPS traffic after importing the certificate used by the web server and it was a tremendous improvement over Netmon & NMDecrypt.    I'm looking at a trace I took of LDAPS traffic (TCP.port==636)
and the traffic after the SSL handshake Message Analyzer is not decrypting the traffic.   

Is the decryption sub-routines in Message Analyzer only supposed to work with HTTPS traffic, or should we be expecting to see success on LDAPS traffic as well?
Thank you,

Read other answers

Is there a good network traffic/broadband monitor that actually keeps track of ALL (really ALL) traffic in a network?
I have used quite a few (eg, Ethereal, ntop, network probe) but all of them kinda keep track of only traffic that is coming in and out of the PC they are run from.

I need one that really tracks every single transaction that goes on in the network, including PCs talking to PCs, PCs talking to servers, servers talking to PCs, PCs talking to printers, etc.

Would help a great deal if they are FREE too!

Anyone know of any good ones?

A:Network traffic/bandwidth monitor that tracks GLOBAL network traffic


You may find something here...


Read other 2 answers

Is is possible to monitor the DHCP server logs and traffic on a Windows 2012 R2 DHCP load balanced server using Message Analyzer?

Read other answers

Message Analyzer has not had any significant updates (apart from minor parser updates) for some time. The mechanism that out-of-the-box Message Analyzer uses to decrypt
TLS is based on access to the server certificate private key (and therefore does not work with ephemeral session keys). Since Message Analyzer is very flexible and configurable, I wanted to check whether it could be adapted to use SSLKEYLOGFILE information
and indeed the answer is yes.
The OPN programming language is Turing complete, but it would not be an ideal choice for implementing all of the necessary cryptographic routines that are needed for
this task ? it would be better to use existing cryptographic libraries. Fortunately OPN does include a mechanism for calling external routines ? the ?Handcoded? declaration:
binary DecryptData(string suite, byte ct, array<byte> ver, binary data, array<byte> key, array<byte> salt, ref array<byte>
iv, long ctr, out bool ok) with DeclarationInfo { Handcoded = true };
One simple way of using this is to place the ?Handcoded? definitions in a small OPN ?module?. The OPN has to be included as a resource in the DLL built from the ?Handcoded?
implementation. The resource is located by means of a .NET assembly level attribute:
[assembly: ExtensionOpnModel("TLSex.opn", false)]
The exposed hand-coded routine also needs to be decorated with attributes (for the containing ... Read more

Read other answers

Upgraded to Windows 10 today, and Message Analyzer no longer seems to be capturing traffic (build 4.0.7540.0).

Get-NetEventSession shows that there's a session running, but nothing shows up in the Message Analyzer window.

Read other answers

While I open my the ETL file captured in Windows 10, the PID/VID seems to be incorrect (compared to what I read in Network Monitor 3.4 and I plugged the devices myself, I know what's the right VID/PID).
I did discover there are some error messages in the log, and I only put two examples below,
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(173,45-173,62):  undeclared 'EventTemplate_130'
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(197,50-197,67):  undeclared 'EventTemplate_130'

Could you help me to understand what I should do to overcome it?

Read other answers

Is there a way to look inside GRE tunnel traffic captured with Wireshark in Message Analyzer? I'm troubleshooting a scenario where I need to correlate event log entries from a server with network trace captured on by another person using ERSPAN protocol.

Ivan Seriavin

Read other answers

Dear all,
it should be possible to
"Capture firewall discard Events - This feature allows you to discover how the firewall is affecting network traffic.  New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible
for dropping the message."
Does anybody of you know a little bit more about how Message Analyzer has to be configured to show which rule blocks (in my case Outbound) traffic?
This would be a great improvement to the pfirewall.log, where this important information is missing...
Best regards


Read other answers

I come to you as a PC ignoramus in need of some expert advice with regards to a serious issue I am facing,
I have had hackers completely takeover my network and have not only taken control of all webtraffic from the network on all devices but also have installed some form of software which stops me from changing AV etc,
Only reason I noticed is I went TCPview (Will attach pictures) and noticed these connections, i have tried reinstalling and it only comes on as soon as I connect to the network.
Also, I have run Spyhunter and it is consistently coming up with large amounts of cookies threats
Namely 207, Sex -??,
Name: Media
Path: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies::ipinfo_13054458043766831
Severdyby and numerous others
I have no idea what to do and need your assistance, Its much appreciated BC members
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Owner at 17:43:06 on 2014-09-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.6098.3272 [GMT 10:00]
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.... Read more

A:Complete Network takeover - Whole network traffic hijacked + PCs Infected HELP!!

Anyone able to help me?
Would be much appreciated

Read other 3 answers

I'm not sure if I'm trying to do the impossible but I'll explain the situation.

I have this roommate that is excessively consuming the majority of the networks bandwidth. I've blocked all service ports except for 443, 80, and a few other ones used for every day task. The problem is that he is still consuming a ton of bandwidth, I'm guessing by streaming or downloading through HTTP.

I have *two* WGR614v10 router, and a Realtek PCIe LAN card controller at my disposal. I attempted to set QoS settings on what we will call Base Router. That did not seem to do the trick because router QoS only blocks ports and slows upload speed. Since that did not work I hid the SSID/MAC filtered connections to the Base Router and then connected my computer to the Base Router and rebroadcasted the signal using a Secondary Router using a shared connection, which I gave him access to. The point of this was an attempt to control bandwidth through the Realtek LAN card; I am not having any luck with this though. I've set the adapter to 10Mbps at half duplex already.

Does anyone have any suggestions on what I can look into for limiting bandwidth? I want him to have Internet but not abuse it like he's doing because that is not what we agreed upon.

A:How to limit network traffic speeds with a network card?

If you want to solve the issue using your existing equipment, you can try dd-wrt on one WGR614v10. See this thread (DD-WRT Forum :: View topic - WGR614v10 Support - Jump to post 9) which claims that there is a dd-wrt flash for WNR1000v3 which works on WGR614v10. Then look a thread like this (DD-WRT Forum :: View topic - Steps for Permanently limit Bandwidth of a PC using DD-WRT ?) to setup the limits. You can start a new thread in those forums if you want someone to walk you thru the steps.

Or you can just buy a router/access point that has a bandwidth limiting feature for each SSID that it broadcasts.

Read other 2 answers

Ethereal: A Network Protocol Analyzer

Above is a link to ethereal. It is an excellent tool to analyze the packets sent and received by your machine. It is very interesting to look at and extremely helpful to diagnosis of problems in general.

There is a slight learning curve for how to use it well. But if you are of the type that would be interested in this kind of thing, I trust you are also of the type that can use it well.

For instance, you can see all the traffic on your local lan and what your computers are saying to each other. You can see how your router calls out to your machines to ensure they are still on the network. Lots of other cool things.

You can see when you start up certain software that they are trying to "call home" which many people find they do not like at all.

Play around with it some and you may be glad you have a new tool at your disposal. You could use it to capture all packets sent and received, for many different purposes, from any specific adapter. Perhaps you want to see what your computers are doing while you away or while another is using? Alright, that's a little shady though, heh heh.


A:Network analyzer and why you may want

The Product Formerly Known As Ethereal is now called "Wireshark".

Wireshark :: Go deep.

Read other 5 answers

I am wondering how I can use the above app on my i phone, but also in my home to make sure my wifi is operating correctly? I also would like to know if there might be a user-friendly version of how-to with this so-called app? Last night I ran a LAN scan on the app and found a couple IP addresses I didn't recognize. I appreciate everyone's help!

Read other answers

Any recommendation for a Network Bandwidth analyzer? I would like to find out who's using up all of the bandwidth in our network, from internet radio to gaming.

A:Network Bandwidth Analyzer or Logging

You can download wireshark. It is probably the best freeware network traffic analyzer.I

t will analyze all network traffic and the captured data can be filtered. It is fairly straightforward. Once you have got the hang, take a look around the options and you can graph captured traffic by endpoint IP, mac or by protocol, as well as top talkers. There are loads of tutorials freely available.

Wireshark has an impact on the network performance so it is best to choose a time when everyone is online and grab short captures - <5 minutes at intervals over a peak traffic hour. Don't leave it running indefinitely as the capture files get huge.

Read other 2 answers


I followed instructions in the 'Before posting HJT logfile' and am ready to go. Tried unsuccessfully by myself, now I'm asking for help. I was close to just reformatting since I figured I was due anyway....but would rather rid myself of this nasty little trojan who keeps coming back.

Thanks in advance....

P.S. This logfile is from HJT Analyzer

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


... Read more

A:HJT Analyzer log, have ABI Network/Nail.exe MALWARE. any help appreciated

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
Spybot Search & Destroy

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Download and install CleanUp! but do not run it yet.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security SuiteInstall ewido security suite
Launch ewido, there should be a big E icon on your desktop, double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand s... Read more

Read other 11 answers

Message Analyzer seems to have no print/export as CSV/TSV. 
Log parser 2.2 doesn't seem to understand .matp formats. 2.2 seems to be the latest version.
logparser -i:netmon "SELECT * INTO test.csv from test.matp
says "not recognized as a valid NetMon capture file"

Are there other tools? I'm surprised this is not a common request. 

Message Analyzer can export as .cap files, but these particular traces either export badly or the traffic is something that wireshark doesn't handle. MessageAnalyzer shows it as fairly standard TCP traffic, albeit to/from IPV4-loopback, which is the correct

Read other answers

My application does not have any network-like implementation except FlexNet Publisher for licensing. I expect it should connect only to license server.

When I use Microsoft Network Monitor then it shows only connections from/to my application and license server.

When I use Microsoft Message Analyzer then it shows enormous additional traffic for my application which I cannot explain. For example many events' source and destination do not match my local machine (BRWS/DNS/UDP modules), so it seems that my application
is kind of proxy (?) for them. Can anyone give some hints how to interpret Message Analyzer data, please?

Read other answers

Our network keeps experiencing intermittent outages throughout the office. When we go to particular websites, it times out when it used pull up the browser successfully. Other times, Office365 downloads are restricted to the point where I have to switch to our public network to download the Office365 software suite. It's not restricted to our internal LAN. However, this issue also pops up with the internal WLAN as well. From what I can tell, this issue started around the time our MSP installed their antivirus and anti-malware on all the machines including the servers. They also turned on the content filtering to restrict malware. Another thing is our office has maxed out on the voltage, I'm not sure if that's related to this issue. I thought I'd mention it.

Does anyone know of any network analyzing tools that are simple to use and will help me pinpoint the cause of the slow performance without an extended learning curve?

So far I'm looking at:

total network monitor
prtg network monitor
caspa free
LAN sweeper
manage engine netflow analyze
the dude
solarwinds netflow traffic analyzer

Thanks in advance

A:Network Analyzer to spot Bottlenecks and Internet Outages

I've used Wireshark before and possibly Solarwinds. I haven't used any of the others, so I can't comment on them.

Based on what I've seen from the programs I've used, even with the simplest network analyzer, you are still going to need to have a good understanding of networking. Otherwise, the tool won't be able to help you. This will require you to have the knowledge to analyze these packets yourself. The software will capture them, but it's still just a tool to aid you.

It can't hurt to try a free program (such as Wireshark), create a capture of when the network is running slow, and then analyze the capture yourself. If you can't find anything that would suggest an issue, you can always upload the capture to this site or any other site and have other people help you analyze it.

Read other 2 answers

I use NetMeter to monitor in and outbound traffic to my computer, and starting a coupple of months ago, every once and a while, a series of a thousand or so 2.25 to 3Mb/s upload spikes start, amounting for almost 1Gb per day!!!!!

the spikes occur every 20 seconds, like clockwork.

i'll post a screenshot from netmeter next time it happens.

the odd thing is, no antivirus i've tried has found anything! same goes for antispyware!

whenever i start deleteing processes from the process list, it stops, then comes back after a coupple of minutes! also, if i am running on wifi, plug in my network cable, wait for it to connect, and disable wifi, the pulses subside for a bit, then come back!

i'm concerned because of the incredible ammount of data involved, and, it seems to have been increasing iver the past month.

Luckily, all the important data on my machine is encrypted, but, if the spikes are a data transfer, encryption won't mean $#!7.

any ideas?
screenshot comming soon.

A:Odd network traffic

Read other 8 answers

Can anyone walk me through trying to fix my networking issue? Is that allowed in this section?

If so, I've got a computer connected to our network, and it's able to access all the other computers on the network, but trying to access it from the server and I get nothing. Even trying to ping it from the command prompt it times out. However, pinging the server from the computer it kicks back immediately. It's not a firewall issue because I've turned it off and still cannot connect to it from the server. I recently had to remove some scareware from this computer, and that's when the networking issue started.

Any ideas?

A:One-way traffic on a network



ICMP enabled, DHCP enabled, firewall off. Nothing doing. Workstation sees everything on the network and can access shared folders and ping all other workstations. But the rest of the workstations and the server "see" the troubled workstation, but cannot contact it.

Read other 18 answers

Dear All,

I want to monitor my network traffic. Which tool I will have to use for that and how to monitor network traffic. Please help me everyone because this is very important question which I will have to face in interview.

Thanks in advance

A:Network Traffic


Read other 2 answers


I have a LAN of about 10 computers and we conect to internet via a switch. I want a software to monitor which computer consumes internet speed

A:Network traffic

Would resmon not do the trick?

Read other 1 answers

I have about 300 computers on my network and want to isolate a department. That department is generating to much traffic. I don't know if I should use a bridge,Ethernet switch or create a workgroup for them. I still need the deparment to be on the same network.

Thank You,


A:Traffic on the Network

A workgroup won't really help with router traffic. It's just a logical arrangement for the computers.

I don't honestly know enough to say whether a bridge would be better, but I would think a switch would be more cost effective.

Hopefully someone with a bit more knowledge about this will reply soon.

Read other 2 answers

I have a computer that is experiencing much higher than expected network activity. Over the course of a 6 hour period, it received 1.7 GB of data and sent 300 GB; this is actually a mild sample of the last months issues. We have had the computer use as much as two gigs in an hour. It will use data whether people are working on it or not, as long as the computer is powered on.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by lks (administrator) on HANDSINHARMONY (30-03-2016 08:29:38)
Running from C:\Users\lks\Desktop
Loaded Profiles: lks & QBDataServiceUser22 (Available Profiles: lks & Lara & QBDataServiceUser22 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.)... Read more

A:Tons of network traffic...

to BleepingComputer.Hi there,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click in the introduction screen "next"... Read more

Read other 3 answers

While I'm playing Battlefield 2, I get a warning of a connection problem. This lasts about 4 seconds, then again about 3 seconds after that. This used to happen once every half hour or so, but its become much more frequent, to the point where the game is unplayable.

I have a network meter gadget on the desktop and I've noticed a spike in traffic at about the same intervals. At first, I thought it was Skype or Avast to blame, but I can count them out after stopping each one.

I need some way to log which program accesses the network at what time, so I can compare the spikes to the correct time and hopefully find the program responsible. Is this possible?

A:Can network traffic be logged?

Here are a couple possibilities. I have used both with Windows XP Pro but tested neither with Windows 7.

Wireshark will log all packets, which will allow you to analyze what sites the traffic is to and examine the packets themselves to whatever depth you care to look. I've seen references to running this on Win 7, even 64-bit.

The SAX2 Intrusion Detection System is perhaps a simpler approach; it will show you the connections that are open and the number of packets sent to each connection. Vista is listed as a supported OS but I've seen no mention of Windows 7.

Read other 1 answers

I am going to be using a lot of unsecured wifi, and need to tunnel all my network traffic using SSH to a computer at my house. Does anyone know how to do this? I have read some guides, but they talk about only internet explorer and not everything I am sending out, including pings and DNS requests. Any help would be great.

Read other answers

Is there a way I can measure the bits/second going into/out of a given network port number - such as 9090? I need to separate the rate of network traffic going through port 9090 vs other ports (such as port 80, for example). 

Is there a program that will provide that information?

Read other answers

First off, I am not sure if this is where this post goes. This seems to be the best thread since my question sort of falls in the security side of things.

OK, say I have a network setup at my house. Someone brings over a laptop and plugs it into my network. Would it be possible to tell what program they are running on their computer from one of my computers without accessing their computer? Say, the program requires HTTPS port to remain open and the program runs non-stop while the computer is plugged in. Is there a way to figure out what program they are running or what website they are connecting to is?

A:Network Traffic Question.

Yes and no. If their computer has a firewall (and you don't have access to their computer), you cannot tell what programs they are running. That's one of the purposes of firewalls.

However, once they leave their computer, you can detect this.

One way is to put a sniffer on your network. That will tell you what traffic is passing by. Although there are plenty of free sniffers out there, very few will put your network card in promiscuous mode (the mode it needs to be in to see their traffic).

Second, try checking your router. Many keep logs of all the connections they make.

Third, install a proxy server. That way, all web traffic would have to hit the proxy in order to get out to the Internet. That way, you can see everything.

Finally, you could install a DNS server on your network and point everyone to it using whatever DHCP server you use. All requests for web traffic would then be routed through your DNS server which would cache the responses. I use one to speed up web browsing (my ISPs DNS servers are not that great), but you could use it to check traffic through the cache if you wanted to.

FYI: Most businesses use option 3.


Read other 2 answers


Let me just explain the situation before asking my question. In South Africa on the broadband lines, which our fastest is only half as fast as the slowest offered elsewhere in the world, we now have the added pleasure of hard capping. Meaning that when we hit our cap limit of 3Gb of data we get cut off from the net. No browsing of even local sites like it used to be. Lately on our account we've been getting downloads of around 144Mb a day. We're not on long enough between jobs to use that about of data transfer. I've been monitoring my bandwidth usage and i've yet to use 4Mb today.

So what i'm wanting to know is this. All our computers connect to the net through our server. I'm wanting a program to put on there to monitor who goes where, and how much they're downloading. The amount of data they're using is the most important part, we don't really mind where they're looking. There's only four of us so it's quite transparent what's happening around here.

Does anyone know of a decent package that can do this? Preferably something that won't break the bank.


A:Network traffic monitoring

Read other 7 answers

Hi Sirs,

Good day!

For those who encounter this kind of network problem, please help me solve mine.

My setup is like this;

Router - patchport - 48pins switch - patchport - 32 PC

My problem is if all the PC is open some of the PC will be disconnected to the mapped shared drive on network from a PC that is a server storage type but they are still connected to the internet. Sometimes also the internet connection of the server type storage PC itself will disconnect like an X in its network icon.

What could be the possible cause of this problem?

Thank you!

Best regards,

Read other answers

if I were to share a secured dsl wifi connection with someone else.. would it be possible for others on the network to sniff or through any other possible means available get access to passwords or content I browse???

A:Traffic Safety on a network

It is possible to have access to a DSL system via a router without sharing local files, after all this is what happens at every coffee shop with free Wifi access

The "trick" is to make sure that the network is set to private which will disable the file and printer sharing and network discovery (by default, unless this has been edited).

If you have an existing multiple user system where sharing is already set-up, and wish to add an extra system with just internet access you should, dependent on your router, be able to enable guest access to the net but with no sharing access, (this may be the best option as the security would be managed in the Router, and i's hardware firewall/NAT)

One thing to ensure whichever way you go is to use strong passwords on all systems and especially the router, (both the wireless security and the router admin account)

Read other 4 answers

I am having problems printing. I need to capture the traffic from the workstation across the network, to the printer. I believe the problem is actually with the printer itself (such as the nic card, or the system board) but I would like to have some to show the tech from the printer company as they have tried to blame it on our network in the past.

I assume what I need is a sniffer, but if there is one out there a little more user friendly then another that would help.

Thanks in advance

A:Capture network traffic

I use WireShark as a protocol sniffer.

Read other 1 answers


I would Like to know about freewares that allows me to observe activities in my network what and which program is using my internet connection weather it is in the background or foreground.

as an example. I have msn and firefox running, yet I would Like to know about background apps like the svchost. or any other things. I am not talking about spyware here but I am suspecting someone around my neighborhood using my internet connection without permission. though I have a firewall and wep encryption code on my router.

are there any suggestions to my solution here? is my first step correct?

A:network traffic abserving

Read other 13 answers

I have a Linksys wireless AP and 3 computers connected via wireless adapter. I want the main computer (the one with the DSL and AP connected to it) to have the most bandwidth. Is there a way to limit the 3 wireless clients so that they have a connection speed that is less than that of the main computer so they wont slow me down? Thanks

A:Limit network traffic.


Read other 1 answers

I've got a client who has his office in his home. Unfortunately, his two teenaged sons are also on the network with their own PC's. Last month there was over 200 GB's of traffic through the ISP. I've gone through the business end of the network and haven't found any viruses or spyware (due dilligence) and I know its those two little *$#^. Of course, the owner thinks the kids are the best thing since sliced bread, so he's pointing the finger at me. Soooo...I need to not only capture packets as they route through the server, but I need to determine the nature of the packets either via protocol or better yet application, and it would be nice to determine the IP they're coming from. I'm sure they're doing extensive file sharing, but other than getting onto their PC's I can't prove it.
Can someone suggest an app that can provide this kind of detail? I've tried Ethereal but I either dont' understand the logs or they simply don't provide the info I need.


A:Determining network traffic on LAN

I remember seeing hardware that does this for you, I forget the name of it but I'll look around.

Read other 3 answers

Hey guys I have an issue that im not sure is an issue but im pretty sure it is as my other pc isnt doing it. My computer constantly is sending and receiving data. even though im not downloading anything. or updating or am on any instant messenger, nothing is running that should need internet yet, constantly there is traffic.

Now I normally prolly wouldnt think much of it but i have another computer in the same state just sitting there doing nothing. So that worries me. Ive run AVG, Mcafee, Spybot and adaware and all of them turned up nothing (other than the usual like tracking cookies annd the sort). Anyone have any suggestions on what I could run next to try and resolve this please Thanks. Rlincoln24

Additionally if anyone knows of a tool that will allow me to monitor my network connection and see waht is using it where data is going and what not id appreciate it thanks.

A:Constant Network Traffic

Look in the Task Manager and see what applications and processes are running.

Read other 8 answers


I am a network administrator of a Software Company
and using Symentec Corporate Edition 2000.
It is updated on regural basis for every nodes on our
network and our network consists with one Cisco PIX
Firewall which is connected with Cisco switch and all
the computers are connected with the cisco switch.
Every Nodes on our network using PIX internal IP
Address i.e. as a Getway and accessing
broadband(256 KBps) internet, no Proxy is installed
over here.

Now the problem, that we are facing for last two days
are when more number of PCs are starting on LAN, the
packet broabcusting is increasing upto 900KBps which
is showing on firewall inside interface traffic
monitoring software and internet access speed is
becoming slow.

After Scaning all the machine no Virus or Spyware or
worm is being detected.

please help me by proper susession.


A:Network traffic problem

you may also want to use network monitor to find the problem.

here is the case study we had. quoted from http://www.howtonetworking.com/casestudy/spywareblockinternet1.htm

Case Study - Trojan and spyware block accessing the Internet

Situation: Small Company has a Linksys router connecting to the Internet. In the early morning, accessing to the Internet seems to work fine. After half hour or one hour, accessing to the Internet is slow and slower. Eventually, no one in the office can access the Internet. The temporary solution is reset the router or reboot all computers.

Investigation: 1. We checked and tested all hardware connections such as NIC and cabling. They are OK and they donít have any issues to share files and printers.

2. TCP/IP configuration looks good too. Used nslookup to check the status of DNS and it looked good.

3. Network Monitor and the log of the router listed a lot of packets sent to the router.

Resolution: Based on the Network Monitor and log, we found the problem computer with many Trojan and spyware. After we cleaned the computer and install a firewall, they donít have the same issue any more. A happy ending!

Related Topics

Troubleshooting Internet Access
Troubleshooting Spyware

Read other 3 answers


I have a client with a small workgroup network. There are 6 workstations all running Windows 98 SE, and they are using a PC running Windows XP as a file server.

They have a problem with a certain piece of software sticking at random intervals, it will stop responding for a certain amount of time, sometimes a few seconds and other times 10 minutes and then it will suddenly free up and start working again, there is no pattern to it and I cant find any way of replicating the problem. As far as I can tell its down to network bandwidth being eaten up by something on the network but would like to run some software to prove this correct, and obviously determain which machine is using all the bandwidth.

I would like to put some software on there network to monitor the amount of traffic being produced across the network by each workstation, and was wondering if anybody had any recomendations?



A:Network Traffic Monitoring

What kind of software is this?
Is it server based and accessed by the clients?
standalone installed only on the client PC's?
Does it utlize network resources when it is run?

But to answer your question, you can try ethereal (ethereal.com) a very good tool.

Read other 2 answers

I have 10 Windows XP Clients, 1 Windows 2000 Advanced Server configured as a domain controller, 1 Windows 2000 Advanced Server with SQL Server 7.0 installed and 1 Windows 2000 Workstation.

Here is the problem:

When the Win2000 workstation logs on in the morning and gets into the system, everyone else slows to almost a complete stop. If I unplug the Domain Controller after she logs on, everyone else speeds back up. If the domain controller is not plugged in the win2000 workstation can't log on. This is a serious problem and I can't figure out why the network would slow. My Domain Controller is the only machine with a 10 MBPS ethernet card. The SQL server sits outside the domain in a workgroup.

My boss is really pissed off because this has been going on for weeks now.

Please Help,



A:Network traffic problem

Read other 10 answers

I have a DI 804 Router
I had 2 computers connected to it
This morning i just connected a third one to it

And well, i notice that my ping is higher now in games

200 before

Around maybe 230 to 300 now

How can i fix this problem?

A:Network traffic? Lagging!

Let's move you to networking for better assistance.

Read other 1 answers


I have downloaded an SSH server called WinSSHD and an SSH client called Tunnelier. I'm attempting to have traffic encrypted on my home network.

The way i am attempting this is with a client to server setup, which means that traffic from laptop one is encrypted by the client which is also on laptop one, then sent to the server to be decrypted, and the server then sends that traffic to its final destination which is laptop two. The question i have is this... isn't this pointless if i have the ssh server on the same computer as the ssh client? Because then the traffic is sent to the client, encrypted, sent to the server, decrypted... all while being on my local machine! It's then tramsmitted unencrypted to the second laptop. Is that what happens? If i'm right about this, then are there any web based SSH servers which can be used instead of a local one installed on my machine? And i know a solution might be to install the server on laptop two, but this isn't how i'd like to achieve this.

Thanks for any repiles.

A:trying to encrypt network traffic using SSH

Only the portion of the traffic between Tunnelier and WinSSHD is encrypted. If Tunnelier and WinSSHD are on the same machine, then no external traffic is encrypted. In order to encrypt the network traffic, you need to install the SSH server on the machine you are accessing.

If you cannot do this, you need to install some crypto software on the destination machine, which crypto software needs to interoperate with the software installed on the source machine. I.e., if it's not SSH, then it needs to be something else, but whatever technology you choose, the crypto needs to be on both machines.

Using an internet server won't help you for encrypting local network traffic, unless, again, you install some software on both machines that accesses the internet server securely and passes the data through it. Such a solution will also be considerably slower than a straight LAN connection.

Read other 1 answers