Problem solve Get help with specific problems with your technologies, process and projects.

Blocking online music access

While letting employees listen to music online may seem like a harmless way to boost morale, streaming audio drains network bandwidth. In this tip, your peers offer advice, tools and tactics you can use to protect your T1 and prevent users from accessing steaming media Web sites.

ITKnowledge Exchange (ITKE) member TheVyrys wanted to know whether or not to block users from listening to streaming radio, and fellow techies offered their suggestions. Here is a portion of the conversation. You can read the rest of the thread on ITKnowledge Exchange.

Want to join in on a similar conversation? Register for ITKnowledge Exchange and fill out your profile so you can ask specific sets of people your IT questions and help out your fellow geeks. Anyone can read answers already provided to questions, but only registered ITKnowledge Exchange members can ask questions or add to threads.

ITKnowledge Exchange member "TheVyrys" asked:
I have some users who listen to online radio stations. I asked them to stop because I assume it uses up a fair amount of bandwidth. Is that correct? Also, other than purchasing and installing software, is there a way to block Internet music access? I can't remove their Internet access, because it is a vital part of their job functions.

ITKE member petroleumman advised:
Online radio stations really are very lightweight and will not use much bandwidth on a network. The only way you'd have an issue is if your bandwidth situation is critical to begin with. We have many users in our environment who like to listen to music and allowing them access gives them a small freedom which can go a long way to having a happier office.

If you're set on stopping it, however, use your firewall or ISA server to block ports that the media sources are using or create a filter to prevent certain file types from getting in. Halting traffic at the gateway is a more efficient approach than filtering from the inside.

ITKE member Almac advised:
In general, listening to music is not a big issue. However, I've had instances where listeners were used as "re-broadcasters" for other listeners. An audit of our bandwidth usage showed that one instance of "re-broadcasting" used half of the bandwidth on my T1.

What is your company's policy regarding listening to music? It is hard to enforce something if it isn't in writing. Our usage policy specifically prohibits listening to online music in the workplace. I used Group Policy to remove music players and I audit weekly to ensure it stays removed. We now play background music in the building, and users recommend the stations we play. The result has been no online music listening.

ITKE member astronomer advised:
We had problems with downloads and streaming music in particular. Our three T1s were saturated to the point that our business software became unusable. Since the current streaming protocols use port 80 to get through firewalls, we were forced to use two strategies. We blocked some sites and forced users to use a squid proxy, which limits individual download speeds so the Internet pipe isn't saturated. We also considered using the new class of traffic shapers that inspect the traffic up to Layer 7. This allows you to control traffic by application. We didn't buy the product because of the price, but it is worth looking at.

ITKE member bigshybear advised:
Yes, streaming audio takes up bandwidth -- 56 kilobytes per second (KBps) to 128 KBps per person -- and it's a constant load; it doesn't spike like normal Internet usage. If you have a T1 and six people are streaming at 128 KBps, that's half of your bandwidth. Ouch.

More on this topic

Monitor your traffic with MRTG

Understanding network traffic flow analysis

If your firewall has the capability, you can block .wav, .mp3, .ram and .rm files, as well as most Web sites. If not, you have to start doing some investigating. My recommendation is first, find out what your WAN bandwidth utilization really is. If you have a Cisco router connected to a T1 or a fractional T1, I've found the PRTG (Paessler Traffic Grapher) useful. The freeware version will give you a graphic of bandwidth utilization for up to three Cisco routers. Once you've figured out your bandwidth utilization, compare it with your available bandwidth to determine if you have a problem. Then decide if you need to spend the time involved in investigating it. If you find that you do, you have to find out who is using the bandwidth. Some firewalls give you this information, but some don't. You may need to use a sniffer -- Ethereal is excellent and free. Once you find the culprit, you can either talk to them directly or set up a block list in the firewall to block the radio site. (Ethereal comes in handy here, it can give you the originating Web site IP address for your block list.) My experience is that my block list rapidly gets long as the offending person shifts from site to site to site as they hunt for stations that work. You will have to check often for at least one to two weeks before people start giving up.

Be aware of the political issue of whether or not you have the authority to cut off users' Internet radio. You may have to get allies in management. Reminding them how much more bandwidth would cost always seems to work well.

ITKE member HumbleNetAdmin advised:
The greater problem is whether or not you have backing from management. If your company doesn't have a policy and/or you run into trouble blocking usage, gather information to back up your claim. Don't just tell management that you feel the usage is consuming too much bandwidth, show them. Using tools such as PRTG, you can monitor network traffic on everything -- servers, routers, firewalls -- and even end users' PCs.

I started seeing the problem of high bandwidth usage on incoming traffic that was not in keeping with the norm. After investigating, I was able to show management that users' accessing streaming audio was consuming bandwidth. The powers that be took an unexpected turn. Instead of creating an acceptable use policy and enforcing it, and/or blocking content, we installed a new T1 and routers/firewalls for an Internet connection that is strictly for inter-company use only. The users' PCs have their gateways set to the firewall on the new T1, so bandwidth is not taken away from the circuit that external customers depend on.

A different version of this tip previously appeared on

This was last published in March 2006

Dig Deeper on Network management and monitoring