Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.
Solved
Where is the network traffic coming from?
Posted on 2011-03-09
Hi,
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2- +2
6 Comments
Bad performance in the internal network could of course make internet feel slow. But it is more likely that the internet connection is overloaded. Especially if you don't experience any slowness in the internal network at the same time.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
We do have the netflow analyser but it only marks spikes in traffic as a whole, and I would like to track it down to IP address to find out who it causing so much traffic. We have a cisco router, but I would hesitate to mess around with it all. For that reason, I am just trying to find out how to get an IP address to see whos downloading masses of data.
Any decent network monitoring software will give you the answer.
PRTG: http://www.paessler.com/tools
PRTG: http://www.paessler.com/tools
The netflow information that is sent to the netflow analyzer contains the IP-addresses and protocols for the flows. Isn't it possible to dig deeper in your analyzer? If you don't see more than traffic spikes I don't see why you use netflow, because netflow isn't always reliable when it comes to measuring traffic load. That is due to that it usually only reports when a flow ends.
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
An easy solution is to enable "ip accounting" to the router
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.