How can I tell who's torrenting on my network?

[banscare]

Hello everyone,

I am on a domain with about 30 clients with SBS 2008 as our Server/DC. I was just wondering if there is a way to see who’s doing things they should not be doing such as torrenting. I don't necessarily want to block torrenting but I would just like to see what’s going on throughout my network. If I have to purchase third party software I will but I would prefer a windows administration based solution.

Other info that might help;
Everyone is using static IP's
DHCP/DNS is off on the server and is enabled on our gateway
We have a mix of XP and Windows 7 client machines
Our gateway is a basic firewall router so there is no bells and whistles like content control, etc.

Sorry If I left anything out

Thanks!

 

[Dark Lord of Tech]

http://www.softperfect.com/products/networx/

 

[banscare]

http://www.softperfect.com/products/networx/

Thanks for the speedy response. From what I can tell I would have to install this software on each client machine. I was hoping to have something along the lines of remote software that would not be client based and would reside on the server. My apologies if I was not clear in my original post or if I am mistaken on how to use bandwidth monitor.

 

[davidgermain]

if you have a 'Switch' on your network you may have some issues, as packets go from source to client without a server in the chain.
Some managed switches have the ability to use one of the ports as an admin/analysis port which then lets you look at all the traffic on the network. last time i played with this was a long time ago and this can be quite expensive.
You could also just block the common port the torrent clients use, or block all the ports on the incoming connection apart from the one you need like HTTP,HTTPS, port 21 FTP ect. Personally i would pick this option.
If this is a big issue for you and your network you need to have a usage policy signed by all the clients, this is a legal document so needs proper work in drawing them up.

You may find this usefull
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

[Guest]

Quick and Dirty - Install Wireshark (http://www.wireshark.org/) - Put a hub between the switch and the router, connect a PC or laptop here and sniff the data in Wireshark as it comes across to the router.

Or as David suggests see if your switch supports port mirroring or similar technologies.

 

[banscare]

if you have a 'Switch' on your network you may have some issues, as packets go from source to client without a server in the chain.
Some managed switches have the ability to use one of the ports as an admin/analysis port which then lets you look at all the traffic on the network. last time i played with this was a long time ago and this can be quite expensive.
You could also just block the common port the torrent clients use, or block all the ports on the incoming connection apart from the one you need like HTTP,HTTPS, port 21 FTP ect. Personally i would pick this option.
If this is a big issue for you and your network you need to have a usage policy signed by all the clients, this is a legal document so needs proper work in drawing them up.

You may find this usefull
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Thanks for the reply David,

We do have a switch connected directly after the gateway and unfortunately it does not have the ability to analyze traffic 🙁 If I upgraded to a managed switch I would be able to use analysis software? Currently I do block port 21 but it is a pain to unblock or reconfigure ftp clients when files have to be transferred to clients as we use FTP as a transport method.

Our "new employee user agreement" needs to be revised to include specifics about torrenting because at the time it was created torrenting was un-heard of. I don’t think this would really prevent the problem with our particular group of employees.

What about a software tool that would simply tell me what programs are installed on each client? This might be an easier route. If I see bitlord or something I can approach the user. Come to think of it, there might be a management tool in SBS to do this. Hmm...

 

[olin9]

SMS windows server can tell you what is installed on each client.

 

[banscare]

Quick and Dirty - Install Wireshark (http://www.wireshark.org/) - Put a hub between the switch and the router, connect a PC or laptop here and sniff the data in Wireshark as it comes across to the router.

Or as David suggests see if your switch supports port mirroring or similar technologies.

Thanks for the reply Mal, I missed it yesterday.

Your solution is very simple and seems to work well for what I need. Thanks. I am also using the management console in SBS to see what programs are installed. I think this issue is closed!

Thanks again guys

 

[banscare]

Best answer selected by banscare.