Solved

How to break down traffic in PRTG?

Posted on 2007-04-03
7
444 Views
Last Modified: 2009-12-16
I am using PRTG to monitor traffic coming off of a hub, just before the firewall.  While monitoring the traffic using the Packet Sniffer mode, viewing the graph, I obverve that at various times there is a huge spike in traffic for an extended period of time.  Then traffic goes back to normal.  

The traffic all falls in the "Other" category, and I can't tell where it's coming from.  Is there a way in PRTG to break this down so I know who is generating all the traffic, ideally by IP addresses?
0
Comment
Question by:lloydr1l
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
pkutter earned 500 total points
ID: 18844690
I use MRTG, but have my solution may help as well. If your switches support SNMP just turn on SNMP and have PRTG monitor them as well, then you will find the port that is producing all of the traffic. A packet analyzer such as Ethereal may work well if it is a hub and not a switch, or if your switch has port mirroring. It just depends what hardware you have how you want to go about it.

http://www.ethereal.com/
0
 

Author Comment

by:lloydr1l
ID: 18844718
The switches are unmanaged, so port mirroring, etc is off.  I do have a hub setup to capture traffic, and I have been using Wireshark (Ethereal) as well to capture.  But the problem I was having with that program was its graphing capability.  I would like to be able to monitor the traffic graphically and watch for spikes.  Then within those spikes narrow down what is causing it and where from.  I"ve  been researching this a little more and saw where someone suggested using NTOP.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18844930
With wireshark(ethereal) you can sort the conversations by bytes transmitted / received.  Go to statistics-> conversations and then click on the column you want to sort. That should help you narrow down where it is coming from. You can then narrow down the capture to traffic from that (those) device(s) and get more info.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:lloydr1l
ID: 18844970
jasoncoleman
I've done that, but the problem with conversations, endpoints, etc is they don't show when the bytes transmitted or received takes place.
0
 
LVL 3

Expert Comment

by:jasoncoleman
ID: 18845034
Usually I just run the capture right when the spike is happening and then I can sort out who is responsible at that time - it may not work for you though if the timing is unpredictable. Otherwise its tough without managed switches that you can get reporting from. I've never used ntop, it looks like it may do just what you'd like. Hopefully someone else out there can provide more info on it.
0
 

Author Comment

by:lloydr1l
ID: 18845783
OK, just had to say, I've been playing with NTOP now for the last 20-30 minutes, and I really like the look of this program.  So if anyone ever comes across this post wondering the same thing, this looks like it might do the trick.  I'm still checking it out though.

I would still like to know if PRTG has some feature like this.  It seems that one could simply select an area of the graph with the mouse and dig in deeper to obtain more information.  Maybe not.  I know you can select an area in PRTG and it will automatically zoom in, but no more information is given.
0
 
LVL 7

Expert Comment

by:pkutter
ID: 18845909
I'm sure you're probably already aware of this, but the managed switch at least, at the core of your network, would make this problem much easier to troubleshoot. I was able to justify to management the reason for purchasing a managed switch was to cut down the amount of time that I spent troubleshooting network issues, and also to prove to software vendors that we didn't have a "Network Problem" when it was really a bug in their software. Just some additional thoughts.

Good Luck
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question