Solved

Monitoring bandwidth usage on a cisco router with netflow analyzer

Posted on 2010-09-10
6
757 Views
Last Modified: 2012-05-10
I have a cisco router connected to a T1 with some users behind it. Every now and then someone is downloading something during an inconvenient time and using up all the bandwidth. I am trying to use netflow analyzer to determine which IP address is requesting the download.

However its giving me inconsistent data (see picture). This picture is the OUTBOUND traffic of our INTERNAL interface fa0/1. It clearly says in the lower right the outbound traffic is 1.44mbps, however when you look at the top 4 "endpoints" in the traffic column it says they have only downloaded 69.7KB, 63.6KB, 26.7KB, and 26.3KB respectively. This was after the monitor had been running for close to a minute. During that time the person downloading should have been able to get up to 60mb of data, clearly not reflected in the chart.

Furthermore when I test this with myself as the downloader and I KNOW I am the only person using up the 99% of the T1 pipe, it fails to register on this chart, even though it does say the corrrect traffic utilization in the lower right.

Can anyone help with this?

 netflow output
0
Comment
Question by:steiner470
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 27

Expert Comment

by:davorin
ID: 33649074
If they (you) are downloading shouldn't check INBOUND traffic?
0
 

Author Comment

by:steiner470
ID: 33649229
As I explained, the chart is outbound traffic for the internal interface. Both interfaces fa0/0 (external) and fa0/1 (internal) have inbound and outbound data.

Since the download stream is flowing from the internet to the LAN, it should register as inbound traffic on fa0/0 and outbound traffic on fa0/1.
0
 
LVL 27

Expert Comment

by:davorin
ID: 33649551
Sorry, I was a little bit distracted. I'm not really familiar with netflow analyzer and yours like quite different from this online demo (http://demo.netflowanalyzer.com)
On this you have option to select from trafic/application/source/destination/... table view in and time windows (15 min, 30min, 1h,...) when you are on certain interface.
Do some other views offer some more logical data? Maybe you have set too small time window -e.g 1 second?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 37

Accepted Solution

by:
ArneLovius earned 250 total points
ID: 33650147
or run ntop on a linux box connected to a span port...

you might find it gives you quite a bit more information :-)
0
 
LVL 10

Assisted Solution

by:cstosgale
cstosgale earned 250 total points
ID: 33654828
Netflow top talkers might be the easiest way of getting the answer to who is doing the large download:-

http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/cfg_nflow_top_talk.html
0
 

Author Closing Comment

by:steiner470
ID: 33664516
Never did get netflow analyzer to show what I needed. But ntop and netflow top talkers are good alternatives.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Is your computer hacked? learn how to detect and delete malware in your PC
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question