denver218
asked on
Network Slowness on my T1 Circuit
I have a T1 and as of the past few days its been very slow. I have a solarwinds network performance montior installed and its telling me that my transmit rate on my T1 is at 97%. When looking at my netflow data it lists my top 5 transmitters. See below: They are all yahoo mail servers:
Top 5 Transmitters
Last 15 Minutes
Endpoint Total Bytes Total Packets Percent
mta-v3.mail.vip.mud.yahoo. com (66.94.237.64) 483.4 Kbytes 11.977 K packets 16.91%
mta-v2.mail.vip.mud.yahoo. com (66.94.236.34) 453.1 Kbytes 11.26 K packets 15.85%
mta-v1.mail.vip.ac4.yahoo. com (67.195.168.31) 449.8 Kbytes 11.235 K packets 15.74%
mta-v1.mail.vip.sk1.yahoo. com (74.6.136.65) 443.8 Kbytes 11.072 K packets 15.53%
mta-v1.mail.vip.re4.yahoo. com (206.190.54.127) 429.8 Kbytes 10.733 K packets 15.04%
Can anyone explain this? Why 5 different yahoo servers are 5 biggest trasmitters? I guess I could block these addresses on the firewall. Any thoughts?
Top 5 Transmitters
Last 15 Minutes
Endpoint Total Bytes Total Packets Percent
mta-v3.mail.vip.mud.yahoo.
mta-v2.mail.vip.mud.yahoo.
mta-v1.mail.vip.ac4.yahoo.
mta-v1.mail.vip.sk1.yahoo.
mta-v1.mail.vip.re4.yahoo.
Can anyone explain this? Why 5 different yahoo servers are 5 biggest trasmitters? I guess I could block these addresses on the firewall. Any thoughts?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My monitor is on the outside, I have netflow configured on my Cisco Router. I wanted to cofnigure netflow on my cisco pix so I could monitor the inside LAN by the PIX 506E doesn't support netflow. Any ideas on how I can analyze the inside LAN? Thanks.
ntop on a linux box connected to a span port that mirrors the PIX internal port
ASKER
This ended up to be an ISP issue. When I would do a simple ping to www.google.com I got replies but they were about 1000ms. I called the ISP and I'm not sure what they did but things magically got back to normal. They claim they didn't do anything. As far as why those yahoo servers were the 5 biggest tranmitters on my network, this is because employees that work there have thier yahoo email forwarded to their blackberry.
ASKER
Ended up being an ISP issue
It is either legit or not, you would only know this. If this is not normal, then you can always contact yahoo
bguthrie@neteng01 ~ $ whois 206.190.54.127 | grep -i abuse
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN
This could be related to a virus outbreak, an attack, etc
Billy