eggster34
asked on
determine bandwidth used by outside hosts / clients on cisco router, related to http://www.experts-exchange.com/Hardware/Routers/Q_21920121.html
Hello
Thanks to lrmoore for helping out with my previous question.
https://www.experts-exchange.com/questions/21920121/traffic-shaping-on-2620-router-506-PIX.html
imagine I have the same setup, people from the internet are connecting to my servers and uploading stuff.. all connections pass through my router and pix.
is there any way I could see which specific ip host on the internet connected to which server and transferred how much data?
the reason for the question is that sometimes my 2xT-1s get congested and I'd like to find out what kind of traffic is congesting it and which client is using what kind of resources etc.?
Thanks to lrmoore for helping out with my previous question.
https://www.experts-exchange.com/questions/21920121/traffic-shaping-on-2620-router-506-PIX.html
imagine I have the same setup, people from the internet are connecting to my servers and uploading stuff.. all connections pass through my router and pix.
is there any way I could see which specific ip host on the internet connected to which server and transferred how much data?
the reason for the question is that sometimes my 2xT-1s get congested and I'd like to find out what kind of traffic is congesting it and which client is using what kind of resources etc.?
ASKER
but what do I need to do on my router to allow ntop to run?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
NTOP works great in promiscuous mode on a SPAN port, or on a hub between the router and firewall, or you can also use NTOP as a netflow collector.
Enable netflow on the router, then export the flow to the NTOP station.
This can be tricky of the NTOP system is on the inside of the PIX, but it is do-able...
Enable netflow on the router, then export the flow to the NTOP station.
This can be tricky of the NTOP system is on the inside of the PIX, but it is do-able...
http://www.ntop.org/overview.html
check it out.
Thanks
Scott