Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Where is the network traffic coming from?
Posted on 2011-03-09
Hi,
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2- +2
6 Comments
Bad performance in the internal network could of course make internet feel slow. But it is more likely that the internet connection is overloaded. Especially if you don't experience any slowness in the internal network at the same time.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
We do have the netflow analyser but it only marks spikes in traffic as a whole, and I would like to track it down to IP address to find out who it causing so much traffic. We have a cisco router, but I would hesitate to mess around with it all. For that reason, I am just trying to find out how to get an IP address to see whos downloading masses of data.
Any decent network monitoring software will give you the answer.
PRTG: http://www.paessler.com/tools
PRTG: http://www.paessler.com/tools
The netflow information that is sent to the netflow analyzer contains the IP-addresses and protocols for the flows. Isn't it possible to dig deeper in your analyzer? If you don't see more than traffic spikes I don't see why you use netflow, because netflow isn't always reliable when it comes to measuring traffic load. That is due to that it usually only reports when a flow ends.
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
An easy solution is to enable "ip accounting" to the router
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Featured Post
You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For many of us, the holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're looking for how to monitor bandwidth using netflow or packet s…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 9 hours left to enroll
Earn Certification
Cisco CCNA R&S: ICND2 v3
$197.00$177.30
Earn Certification
Cisco CCENT R&S: ICND1 v3
$197.00$177.30
632 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.