desperate for help ...

Greetings everybody.....
let me get right to the point, my friend has asked me for a favor....he works in a small firm that has it's LAN connected to the net and they have been getting rather big bills from their ISP.As it seems his co-workers have been doing more that company related surfing and he has asked me to try to trace who is responsible for higher bandwidth consumption but I have a few restrictions:
1. No one will no I am doing it of course, besides my friend
2. It must be done from a new host imported to their LAN (a laptop), with some sort of network scanning method
3. The results must be logged somehow
4. If I have an option I would like to use windows based app (or apps) to handle this assignment

so...there you have it...any advice...please ?

knjaz_milos,

If all you want is to log what's going in and out the network then I'd surely recommend you the IRIS packet sniffer. Simply grab a hub and connect the cable modem, your main lan connection and laptop with the IRIS software sniffing the data.

Iris has a neat function, allowing you to 'view' the captured data by host and protocol/service. This way you can see what each person has been doing throughout the day, without them knowing.

The program runs under windows and has a easy to navigate and friendly interface, so you'll get it up and running in no time.

We've got a shareware version available in our download section, give it a go and if you require any help with, post your question right here.

Hope that helps.

Cheers,

Well man, another good option is Ethereal. Its a freeware, it does a good work. Give it a try and see.
Good luck
DavidKlose

Yep, I second Ethereal. Iris refuses to work on my pc for some reason. It always bombs out.

Another alternative to using a Hub would be to use port mirroring on the switch which services the LAN. Assuming that a switch is indeed used, and it supports this feature. Port mirroring enables a series of ports to have their traffic mirrored to a specific other port. By connecting your laptop to this other port and running your sniffer, you would see all the traffic on the ports being mirrored. Ofcourse, you would need to have management access to the switch in order to configure this. Best of luck.

Cheers.

IPtraf sounds like what you're looking for.

Basically ...I need an app that I can leave for couple of hours running and later to analyze the captured data.....with any ease if possible ))...to determine what was happening .