Question : can the netstat results help tell what using up my bandwidth

Hi All

We a small network with small business server 2003 and 7 windows xp machines. lately we have been using more that 20gig of bandwidth a month and no one downloads or uploads anything out of the ordinary. i've also noticed that we used nearly 2gig over the weekend and there was no one around.

i've just installed net meter to try and confirm what the isp says we use but it won't tell me what or who is using what. i've gone on the server and run the netstat command but i don't really know how to interpret the results. i also wanted to know if, when I do interpret the results, they would be enough to give me an idea of what is using my bandwidth.

If not what can i do to get an idea of what happening to the bandwidth.

Answer : can the netstat results help tell what using up my bandwidth

Keep in mind if you have windows clients, they automatically download windows updates and anti-virus, anti-spam, and anti-intrusion signatures daily. Even just 7 clients downloading a full service pack can consume alot of bandwidth. If you use mail clients and you get lots of spam this could be involved. That being said, I would definitely stay on this issue if I were you and find out what is consuming the bandwidth, especially with SBS in the mix. Please tell me you are not using SBS to share the Internet connection and that you have a separate commercial or robust firewall with some sort of intrusion prevention. These types of devices are much less costly and easier to set up and use these days. A Cisco/Linksys business firewall/router with Intusion Detection and Anti-virus capability is less than $150 plus subscription to the updates. Exposing Exchange to inbound SMTP without a proxy or SMTP gateway in front of Exchange is asking for trouble. If you host your own mailserver with SBS, this traffic can be normal if you don't reject connections from probable spammers before the email is delivered. Email servers need multiple layers of defense these days.

Nice suggestion sameer, I think I am going to use that idea because one of my client's ISPs is not providing the full bandwidth of a Bonded T-1 (3.088 Mbps) Internet connection and they are saying they are and that we are just consuming all of the bandwidth even though I have never seen total bandwidth usage beyond about 2 Mbps. They wouldn't allow access to the router (that terminates the Bonded T-1), so I had to piece together utilization elsewhere.

If the ISP had given me SNMP access to this Internet router (access which we had before we complained about not getting full bandwidth), I would have known usage instantly without having to do much. But because I had to piece it together circumstantially, it required more time and complexity to get the answer. Pretty sure they are doing this to prevent being sued and having the contract voided because they are not providing what is being paid for. Just 1 more month till the contracts ends and they are outta there. BTW, the ISP is QuickConnect USA in case anybody is interested.

Your IAD (Internet Access Device) is the horses mouth in this situation and about the only thing that will give you the complete picture.

Random Solutions

Connecting a workgroup in multiple subnets.

Some clients have problem connect to our FTP site

Sipsak test call

Sharing scanner !!!

Domain Controller "remove primary controller from my network"

Two error running DCdiag i can't seem to fix.

Win 2003 Server DNS

Someone is using my e-mail address

Cisco ASA 5200 - Subinterfaces with VLAN's. Problem getting VLANS to communicate with one another.

How to avoid scanning email massage popup in System tray while sending mail using SMTP