steiner470
asked on
Monitoring bandwidth usage on a cisco router with netflow analyzer
I have a cisco router connected to a T1 with some users behind it. Every now and then someone is downloading something during an inconvenient time and using up all the bandwidth. I am trying to use netflow analyzer to determine which IP address is requesting the download.
However its giving me inconsistent data (see picture). This picture is the OUTBOUND traffic of our INTERNAL interface fa0/1. It clearly says in the lower right the outbound traffic is 1.44mbps, however when you look at the top 4 "endpoints" in the traffic column it says they have only downloaded 69.7KB, 63.6KB, 26.7KB, and 26.3KB respectively. This was after the monitor had been running for close to a minute. During that time the person downloading should have been able to get up to 60mb of data, clearly not reflected in the chart.
Furthermore when I test this with myself as the downloader and I KNOW I am the only person using up the 99% of the T1 pipe, it fails to register on this chart, even though it does say the corrrect traffic utilization in the lower right.
Can anyone help with this?
However its giving me inconsistent data (see picture). This picture is the OUTBOUND traffic of our INTERNAL interface fa0/1. It clearly says in the lower right the outbound traffic is 1.44mbps, however when you look at the top 4 "endpoints" in the traffic column it says they have only downloaded 69.7KB, 63.6KB, 26.7KB, and 26.3KB respectively. This was after the monitor had been running for close to a minute. During that time the person downloading should have been able to get up to 60mb of data, clearly not reflected in the chart.
Furthermore when I test this with myself as the downloader and I KNOW I am the only person using up the 99% of the T1 pipe, it fails to register on this chart, even though it does say the corrrect traffic utilization in the lower right.
Can anyone help with this?
davorin
If they (you) are downloading shouldn't check INBOUND traffic?
ASKER
As I explained, the chart is outbound traffic for the internal interface. Both interfaces fa0/0 (external) and fa0/1 (internal) have inbound and outbound data.
Since the download stream is flowing from the internet to the LAN, it should register as inbound traffic on fa0/0 and outbound traffic on fa0/1.
Since the download stream is flowing from the internet to the LAN, it should register as inbound traffic on fa0/0 and outbound traffic on fa0/1.
Sorry, I was a little bit distracted. I'm not really familiar with netflow analyzer and yours like quite different from this online demo (http://demo.netflowanalyzer.com)
On this you have option to select from trafic/application/source/
Do some other views offer some more logical data? Maybe you have set too small time window -e.g 1 second?
On this you have option to select from trafic/application/source/
Do some other views offer some more logical data? Maybe you have set too small time window -e.g 1 second?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Never did get netflow analyzer to show what I needed. But ntop and netflow top talkers are good alternatives.