How to Monitor Bandwidth usage in real terms

I have a small (windows) network with a few people on it.

We have internet access via a BT router

Generally things are all fine, but occasionally, we seem to experience a dramatic loss of bandwidth.

I could be suffering from a zombie PC or a user running torrent software... Or I could simply have some kind of restriction being placed on my by my ISP?

I want to find out what is going on.

Is there a simple tool which I can run to give me a real world (Which Apps on Which PCs) are using all the bandwidth at any given point?


I have used NetWorx to allow indiviual users to monitor their bandwidth use, and as it keeps good exportable logs it gives some useful statistics. Assuming the BT router you use supports it you can use PRTG or MRTG to actually monitor the usage on the WAN and possibly LAN ports.


In our office we had similar problems and began using MRTG to monitor the individual network ports on our core network switch. We knew who was connected to each port through our wiring diagram, and quickly identified a couple of people who were using "extreme" amounts of bandwidth. It turns out they were streaming torrents from the office, and we quickly put a stop to that (to save bandwidth and prevent legal liability). We still had some issues and that was narrowed down to our core router. Everything else in the office had been upgraded to a fully switched 100Mbps network, but our core router that handles NAT routing, etc. was still an older 10Mbps Cisco router. We replaced that with a newer router and our connectivity problems evaporated. We still monitor our core switch for any problems, and it has helped to identify a few people running software they shouldn't be. Looking at the ports on your switch and the traffic flowing through them should give you a great place to start though (you'll need a switch the supports SNMP for that).


What I use to diagnose these problems (ie, suddenly the bandwidth is being abused), I run iftop (http://www.ex-parrot.com/pdw/iftop/) on the router, if it's an unix machine. It provides you with a list of connections per interface per IP address which you can break down by port number.

So, this way you can find out what box is using most of the bandwidth, and if you have access to that box, correlating the port numbers on that box will let you know which process/application is abusive.

I know that's only valid if you are running a unix router, but pretty effective. For other setups, see other responses (like specialized hardware, snmp monitoring on the switches, etc)