lloydr1l asked:
How to break down traffic in PRTG?

I am using PRTG to monitor traffic coming off of a hub, just before the firewall. While monitoring the traffic using the Packet Sniffer mode, viewing the graph, I observe that at various times there is a huge spike in traffic for an extended period of time. Then traffic goes back to normal.

The traffic all falls in the "Other" category, and I can't tell where it's coming from.  Is there a way in PRTG to break this down so I know who is generating all the traffic, ideally by IP addresses?
ASKER CERTIFIED SOLUTION by pkutter
lloydr1l (ASKER):
The switches are unmanaged, so port mirroring, etc. is off. I do have a hub set up to capture traffic, and I have been using Wireshark (Ethereal) as well to capture. But the problem I was having with that program was its graphing capability. I would like to be able to monitor the traffic graphically and watch for spikes. Then within those spikes narrow down what is causing it and where from. I've been researching this a little more and saw where someone suggested using NTOP.
With Wireshark (Ethereal) you can sort the conversations by bytes transmitted / received. Go to Statistics -> Conversations and then click on the column you want to sort. That should help you narrow down where it is coming from. You can then narrow down the capture to traffic from that (those) device(s) and get more info.
jasoncoleman
I've done that, but the problem with conversations, endpoints, etc. is they don't show when the bytes transmitted or received take place.
Usually I just run the capture right when the spike is happening and then I can sort out who is responsible at that time - it may not work for you though if the timing is unpredictable. Otherwise it's tough without managed switches that you can get reporting from. I've never used ntop, it looks like it may do just what you'd like. Hopefully someone else out there can provide more info on it.
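Added example, not posted by anyone in this thread: a short Python script that fills the gap described above, attributing bytes to hosts per time window so the busiest hosts during a spike can be read off a capture taken at any time. It assumes the input is a tab-separated tshark field export (`frame.time_epoch`, `ip.src`, `ip.dst`, `frame.len`); the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample in the assumed tshark export format (tab-separated):
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
# One host (192.168.1.50) bursts during the 1010-1020s window.
SAMPLE = """\
1000.10\t192.168.1.10\t10.0.0.5\t120
1002.40\t10.0.0.5\t192.168.1.10\t90
1011.00\t192.168.1.50\t203.0.113.7\t1500
1012.00\t192.168.1.50\t203.0.113.7\t1500
1013.00\t192.168.1.50\t203.0.113.7\t1500
1014.50\t192.168.1.10\t10.0.0.5\t60
1021.20\t192.168.1.10\t10.0.0.5\t200
"""

def parse_lines(text):
    """Yield (timestamp, src, dst, length); skip malformed and non-IP lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or not parts[1] or not parts[2]:
            continue  # ARP and other non-IP frames export empty ip.src/ip.dst
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def bucket(ts, window):
    """Start time of the window containing ts."""
    return int(ts // window) * window

def top_talkers(text, window=10.0, n=3):
    """{window_start: [(ip, bytes), ...]}, the n busiest hosts per window.
    Each frame is charged to both endpoints, so senders and receivers show up."""
    per_window = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, length in parse_lines(text):
        per_window[bucket(ts, window)][src] += length
        per_window[bucket(ts, window)][dst] += length
    return {start: sorted(hosts.items(), key=lambda kv: kv[1], reverse=True)[:n]
            for start, hosts in sorted(per_window.items())}

def busiest_window(text, window=10.0):
    """(window_start, total_bytes) of the heaviest window, i.e. the spike."""
    totals = defaultdict(int)
    for ts, _src, _dst, length in parse_lines(text):
        totals[bucket(ts, window)] += length
    return max(totals.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    start, total = busiest_window(SAMPLE)
    print(f"spike at {start:.0f}s ({total} bytes):", top_talkers(SAMPLE)[start])
```

Shrinking `window` gives the per-second resolution a PRTG graph shows, at the cost of more buckets to scan.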
OK, just had to say, I've been playing with NTOP now for the last 20-30 minutes, and I really like the look of this program.  So if anyone ever comes across this post wondering the same thing, this looks like it might do the trick.  I'm still checking it out though.

I would still like to know if PRTG has some feature like this.  It seems that one could simply select an area of the graph with the mouse and dig in deeper to obtain more information.  Maybe not.  I know you can select an area in PRTG and it will automatically zoom in, but no more information is given.
I'm sure you're probably already aware of this, but the managed switch at least, at the core of your network, would make this problem much easier to troubleshoot. I was able to justify to management the reason for purchasing a managed switch was to cut down the amount of time that I spent troubleshooting network issues, and also to prove to software vendors that we didn't have a "Network Problem" when it was really a bug in their software. Just some additional thoughts.

Good Luck