Solved

How to break down traffic in PRTG?

Posted on 2007-04-03
Last Modified: 2009-12-16
I am using PRTG to monitor traffic coming off of a hub, just before the firewall. While monitoring the traffic using the Packet Sniffer mode, viewing the graph, I observe that at various times there is a huge spike in traffic for an extended period of time. Then traffic goes back to normal.

The traffic all falls in the "Other" category, and I can't tell where it's coming from.  Is there a way in PRTG to break this down so I know who is generating all the traffic, ideally by IP addresses?
0
Question by:lloydr1l
7 Comments
 
LVL 7

Accepted Solution

by:
pkutter earned 500 total points
ID: 18844690
I use MRTG, but my solution may help as well. If your switches support SNMP, just turn on SNMP and have PRTG monitor them as well; then you will find the port that is producing all of the traffic. A packet analyzer such as Ethereal may work well if it is a hub and not a switch, or if your switch has port mirroring. It just depends on what hardware you have and how you want to go about it.

http://www.ethereal.com/
0
 

Author Comment

by:lloydr1l
ID: 18844718
The switches are unmanaged, so port mirroring, etc. is off. I do have a hub set up to capture traffic, and I have been using Wireshark (Ethereal) as well to capture. But the problem I was having with that program was its graphing capability. I would like to be able to monitor the traffic graphically and watch for spikes. Then within those spikes narrow down what is causing it and where from. I've been researching this a little more and saw where someone suggested using NTOP.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18844930
With Wireshark (Ethereal) you can sort the conversations by bytes transmitted / received. Go to Statistics -> Conversations and then click on the column you want to sort. That should help you narrow down where it is coming from. You can then narrow down the capture to traffic from that (those) device(s) and get more info.
0

 

Author Comment

by:lloydr1l
ID: 18844970
jasoncoleman
I've done that, but the problem with conversations, endpoints, etc is they don't show when the bytes transmitted or received takes place.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18845034
Usually I just run the capture right when the spike is happening and then I can sort out who is responsible at that time - it may not work for you though if the timing is unpredictable. Otherwise it's tough without managed switches that you can get reporting from. I've never used ntop, it looks like it may do just what you'd like. Hopefully someone else out there can provide more info on it.
0
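An added example, not part of the original thread and not PRTG or Wireshark code: when the spike timing is unpredictable, a long-running capture can be broken down per time interval and per source IP after the fact, which is the view the Conversations and Endpoints windows lack. It assumes the capture was exported as tab-separated text with `tshark -T fields -e frame.time_epoch -e ip.src -e frame.len`; the function names, the 60-second interval, the 3x-median spike threshold, the file name in the comment and the sample data are all assumptions made for this illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample in the shape "epoch<TAB>source IP<TAB>frame length", as written by:
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e frame.len
SAMPLE = "\n".join(
    [f"{1000 + i * 10}.5\t192.168.1.{10 + i % 3}\t500" for i in range(30)]  # steady background
    + [f"{1085 + i}.25\t192.168.1.77\t1500" for i in range(40)]             # one host bursting
    + ["1090.0\t\t60"]                                                      # non-IP frame: empty ip.src
)

def bucket_bytes(lines, interval=60):
    """Sum frame bytes per (interval start, source IP)."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3 or not fields[0] or not fields[2]:
            continue  # skip malformed or truncated lines
        epoch, src, length = fields
        start = int(float(epoch)) // interval * interval
        # tshark joins multiple ip.src values (e.g. tunnelled packets) with commas; keep the outer one
        src = src.split(",")[0] or "(non-IP)"
        buckets[start][src] += int(length)
    return buckets

def spikes(buckets, factor=3.0, top=3):
    """Return [(interval start, total bytes, top talkers)] for intervals above factor x median."""
    totals = {start: sum(per_ip.values()) for start, per_ip in buckets.items()}
    if not totals:
        return []
    baseline = median(totals.values())
    report = []
    for start in sorted(totals):
        if totals[start] > factor * baseline:
            ranked = sorted(buckets[start].items(), key=lambda kv: (-kv[1], kv[0]))
            report.append((start, totals[start], ranked[:top]))
    return report

if __name__ == "__main__":
    for start, total, talkers in spikes(bucket_bytes(SAMPLE.splitlines())):
        print(start, total, talkers)
```

On a hub capture the source IP identifies the sending host directly; traffic that arrives through a NAT device or router shows that device's address instead.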
 

Author Comment

by:lloydr1l
ID: 18845783
OK, just had to say, I've been playing with NTOP now for the last 20-30 minutes, and I really like the look of this program.  So if anyone ever comes across this post wondering the same thing, this looks like it might do the trick.  I'm still checking it out though.

I would still like to know if PRTG has some feature like this.  It seems that one could simply select an area of the graph with the mouse and dig in deeper to obtain more information.  Maybe not.  I know you can select an area in PRTG and it will automatically zoom in, but no more information is given.
0
 
LVL 7

Expert Comment

by:pkutter
ID: 18845909
I'm sure you're probably already aware of this, but the managed switch at least, at the core of your network, would make this problem much easier to troubleshoot. I was able to justify to management the reason for purchasing a managed switch was to cut down the amount of time that I spent troubleshooting network issues, and also to prove to software vendors that we didn't have a "Network Problem" when it was really a bug in their software. Just some additional thoughts.

Good Luck
0
