In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!
Where is the network traffic coming from?
Hi,
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, whos downloading 10 GB of music? Thanks
Who is Participating?
LVL 21
With Wireshark on a port mirror of the router's port you can go into statistics and then conversations and sort by the byte counts or utilization columns to quickly see who is using most bandwidth.
Bad performance in the internal network could of course make internet feel slow. But it is more likely that the internet connection is overloaded. Especially if you don't experience any slowness in the internal network at the same time.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install wireshark on a pc and mirror traffic in a switch to that pc.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) You firewall might have built in logs of the traffic flows.
We do have the netflow analyser but it only marks spikes in traffic as a whole, and I would like to track it down to IP address to find out who it causing so much traffic. We have a cisco router, but I would hesitate to mess around with it all. For that reason, I am just trying to find out how to get an IP address to see whos downloading masses of data.
Any decent network monitoring software will give you the answer.
PRTG: http://www.paessler.com/tools
PRTG: http://www.paessler.com/tools
The netflow information that is sent to the netflow analyzer contains the IP-addresses and protocols for the flows. Isn't it possible to dig deeper in your analyzer? If you don't see more than traffic spikes I don't see why you use netflow, because netflow isn't always reliable when it comes to measuring traffic load. That is due to that it usually only reports when a flow ends.
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from manageengine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
An easy solution is to enable "ip accounting" to the router
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Login to router cli, enter the lan(or the inside interfase of the router) interface and type command "ip accounting.
Then with command "show ip accoutnting" you can see all active connections to the router.
Example
#conf t
int fa 0/0 (choose your interface)
ip accounting
# show ip accounting (refersh every few seconds)
Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
