cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
699
Views
0
Helpful
3
Replies

Monitoring and identifying users internet activity

JG1978
Level 1
Level 1

I am looking for any advice on how to better analyze what our users are doing on the internet.

In my environment we have branch offices that connect to our main office/data center. These connections vary from T-1 to 10Meg QMOE services.

The issue we have is that since we recently deployed Windows 8.1 and office 365, our users have been complaining of slow network speeds non-stop and business functions crawl to a halt (we run a CMS application for a state agency).

We currently use Ngenius/Netscout to monitor the bandwidth on our links. We know that most of this traffic is tied to Cloud servers/office 365 services but now and then we have users that just chew up the bandwidth using the "internet".

The problem is that our monitoring tool often time shows connections that we cannot nail down exactly what it is. For example it will give us just an IP and when I go do an ARIN look up, or GIS on the IP address, we usually receive vague results such as "century link" or "akamai".

Does anyone have any advice on how we can analyze this more thoroughly to figure out exactly what is happening? Of course we end up talking to the users but you cannot rely on their answers. Not everyone is going to admit what they are doing during work hours on-line. I also know that you can contact the ARIN registered POC for these places to ask for more records but that process is not feasible when we have several instances a day.

Anyone have ideas??

1 Accepted Solution

Accepted Solutions

Sorry checked with our security guy its bluecoat that provided visibility of urls and there very expensive but there is open source options online

View solution in original post

3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

We use a software tool that macafee supply that allows our security engineers see exactly what websites users visit and other information , and on the network side we use netqos  to see when,what type of traffic,ip and how much there using and what protocols there using, from this we can setup qos,nbar and acls  on the cisco gear to restrict bandwidth or deny completly, we also use bluecoat devices at our edge

Can you give me the name of the Macafee tool?

 

Thanks for the input!

Sorry checked with our security guy its bluecoat that provided visibility of urls and there very expensive but there is open source options online

Review Cisco Networking for a $25 gift card