Solved

Where is the network traffic coming from?

Posted on 2011-03-09
6
516 Views
Last Modified: 2012-05-11
Hi,

At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
0
Comment
Question by:fstinc
6 Comments
 
LVL 5

Expert Comment

by:torvir
ID: 35086266
Bad performance in the internal network could of course make internet feel slow. But it is more likely that the internet connection is overloaded. Especially if you don't experience any slowness in the internal network at the same time.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
0
 

Author Comment

by:fstinc
ID: 35087925
We do have the netflow analyser but it only marks spikes in traffic as a whole, and I would like to track it down to IP address to find out who it causing so much traffic. We have a cisco router, but I would hesitate to mess around with it all. For that reason, I am just trying to find out how to get an IP address to see whos downloading masses of data.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35089022
Any decent network monitoring software will give you the answer.

PRTG: http://www.paessler.com/tools
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 5

Assisted Solution

by:torvir
torvir earned 83 total points
ID: 35092049
The netflow information that is sent to the netflow analyzer contains the IP-addresses and protocols for the flows. Isn't it possible to dig deeper in your analyzer? If you don't see more than traffic spikes I don't see why you use netflow, because netflow isn't always  reliable when it comes to measuring traffic load. That is due to that it usually only reports when a flow ends.
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
0
 
LVL 10

Assisted Solution

by:ampranti
ampranti earned 83 total points
ID: 35092550
An easy solution is to enable "ip accounting" to the router

Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.

Then with command "show ip accoutnting" you can see all active connections to the router.

Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)

Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
0
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 84 total points
ID: 35094646
With Wireshark on a port mirror of the router's port you can go into statistics and then conversations and sort by the byte counts or utilization columns to quickly see who is using most bandwidth.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Route summarization 9 44
network timeout on mapped drive 3 27
server plus 2 46
Connecting LAN to a new leased line 2 22
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now