I have about 120 machines on a off site location, with a 40mbit connection to the home office. Most of the internet usage should be connections to other companies networks via web + citrix but i know many ppl so surf the internet (Plus the usual copying between different file servers), so im wondering if i should install a proxy server for web traffic.
I have been checking out the network traffic with ProCurve Manager and i can see at times our traffic is using the entire connection but i have not been able to to see what kind of traffic or who is making the traffic ( Source IP that is).
so i was planning to the following:
1) Install a windows machine in between the ProCurv switch and the cirix thing that routes between this office and main office.
2) Find some sort of software that can monitor the traffic types and see if a proxy server would be helpfull.
3) Install proxy if that would help
On a side note this office has ppl from almost the entire world so everyone is not going to visit the same "news" page and so on.
Im wondering what kind of software would you guys recommend for checking the traffic over the 40mbit line? Im sure a lot of linux solutions exist, but im not that familular with the os. I found Capsa from the internet searching, and it seems to be able to do what i want, but its a bit overkill i think and a bit expensive for my usage ( considering im only gonna use it to check if i need a proxy )
EDIT: Spare machine is not a problem.
Ok, if you have a spare machine, look at doing something like PFSense.
This can be run from a live CD so no need to install and you can setup a router between your users and the "citrix thing".
You can then use this to investigate your network traffic so that you can then make an informed decision about what steps to take.
Putting a spare machine inbetween can be a pain, I recommend using the old faithful 100mb Hub inbetween your offices and hook a laptop with Ethereal or Wireshark this will let you see all traffic going accross the link.
You may want to look at your existing routers first. Most routers today, even el-cheapo ones, come with some basic traffic monitoring capabilities, QoS and what nots. So, you may be able to get away with just setting up the router to monitor/log the traffic.
Alternatively, you may want to try using something like Wireshark. Although primarily Linux based, it comes with a Windows version too.
If your routers are capable of exporting Netflow stats, I've had good results with that in the past. There are various tools available for analysing and presenting these, but Solarwinds have a freebie (http://www.petri.co.il/solarwinds-real-time-netflow-analyzer-free-download.htm) which may be good enough to get you started. Disclaimer: I haven't used the Solarwinds tool so I can't say "yea" or "nay" for certain on it.