Networking → Re: Rogue/faulty device eating all bandwidth. Need to find it.

What Cisco router you have there? Model?
Do you have managed switch(es) there?

You need to deploy sniffer on LAN side and see where's the problem.
Alternatively, if the Cisco router supports SNMP and some nice stats you may be able to get info you need that way.

But managed switch with monitoring (sniffing, mirroring) port is what you need. You route all LAN through the switch, hook up wireshark to your monitoring port and examine all the traffic.

Thanks Brano! Total DUH on my part re Wireshark (tried SolarWinds NTA, and that didnt tell me anything unfortunately).

The Cisco is RV042.
No managed switches on the premises. Would need to buy one, any recommendations (unfortunately in our case the cheaper the better).

I have this one (and am very happy with it) »www.ncix.ca/products/?sk ··· oid=1448 ... it's one of the cheapest gigabit out there and will do what you need.
Manual here »ftp://ftp.dlink.com/Switch/dgs110016/

Plug your RV042 to it, all other LAN connections (direct or from other switches) as well.
Then designate one port as monitoring and connect to it from your sniffer machine running wireshark.

The switch has per-port stats, bandwidth management and more features that you can utilize to manage your issue.

There are more port versions available too (more expensive).

EDIT: There's a deal on this one now »www.ncix.ca/products/?sk ··· P%20Link ...mind this is 100meg and only 2 Gb ports. ...I've never used this one so can't provide recommendations.

That's a Linksys. If you had a Real Cisco(tm) (IOS, Pix, ASA) this would take seconds to track down... "sh ip nat tr" Why does Bob's computer have 8000 translations?

Also, with a managed switched and MRTG, you could see where all the traffic is going in an instant. (I also use netflow, so I know what you did last week.)