• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 275
  • Last Modified:

Need to see traffic across WAN

We have a Point-2-Point T1 that supplies a 1MB connection between two LANs.  The T1 is wide open for both networks so traffic can come across the T1 at any time for any reason.  DHCP helps to control access by passing out local gateway, DNS and other domain traffic.  However there are times when we have a wild node that gets relocated to the opposite office or maybe a wrong DHCP entry.  Either way, we end up with 3000ms response time across the T1 when you normally see 10ms.  The challenge is that I currently have no quick way to see what node is sending/receiving traffic across that link.  The T1 is terminated into a radio broadcast device that does nothing more than give it a switch port, so there is no monitoring on either end.

With all of that said, I would like to be able to install a computer at one end of the T1, maybe place a 10/100 HUB inline with the T1 before it hits the local switch.  The computer could sniff the traffic to see what IP is sending/receiving a large majority of traffic.

Is this the best and cheapeast solution and if so, what software is free that will do this for me?  
0
murryc
Asked:
murryc
2 Solutions
 
jimmyray7Commented:
Wireshark will let you see all of the traffic traversing the WAN.  It's pretty much the gold standard for this kind of stuff.

0
 
asawatzkiCommented:
Here is what I would suggest.  Not sure what switch gear you have there, but if it is Cisco you can do the following:

1.  Plug in a desktop to the switch your WAN is plugged into on either site.
2.  Install wireshark's free Packet Sniffer.  http://www.wireshark.org/
3.  Find the switch interface that your WAN is plugged into on the remote network (or on your local network).  Turn on port mirroring on the interface your WAN is connected to so that it mirrors traffic over to the port your desktop is on.
4.  Turn on the packet capture for Wireshark on the desktop and you should be capturing all the traffic that is passing over the WAN.  You can use the Show IP Conversations view to see what end-to-end traffic is eating up all of your bandwidth.

If you don't have Cisco there may be another command like port mirroring for step 3.
0
 
texasjpmCommented:
If you have a Cisco router I think i would use Flow-top-talkers. Here is an example of the config i am using.

interface GigabitEthernet0/0
 ip flow ingress
 ip flow egress

ip flow-export source GigabitEthernet0/0
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 1300
 match input-interface GigabitEthernet0/0


cap.jpg
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now