Solved

Where is the network traffic coming from?

Posted on 2011-03-09
529 Views
Last Modified: 2012-05-11
Hi,

At times, the internet slows down drastically. Here are a few quick questions. If the internet goes, that has nothing to do with the performance of the network? Correct. Since the internet is slow, how can I find out where the traffic is coming from? As in, who's downloading 10 GB of music? Thanks
Question by:fstinc
6 Comments
 
LVL 5

Expert Comment

by:torvir
ID: 35086266
Bad performance in the internal network could of course make internet feel slow. But it is more likely that the internet connection is overloaded. Especially if you don't experience any slowness in the internal network at the same time.
How you hunt down the bad traffic depends on which equipment you have.
1) You could install Wireshark on a PC and mirror traffic in a switch to that PC.
2) If you have control of a router in the path you can have that router sending netflow messages to a netflow collector.
3) Your firewall might have built-in logs of the traffic flows.
 

Author Comment

by:fstinc
ID: 35087925
We do have the netflow analyser but it only marks spikes in traffic as a whole, and I would like to track it down to IP address to find out who is causing so much traffic. We have a Cisco router, but I would hesitate to mess around with it all. For that reason, I am just trying to find out how to get an IP address to see who's downloading masses of data.
 
LVL 13

Expert Comment

by:kdearing
ID: 35089022
Any decent network monitoring software will give you the answer.

PRTG: http://www.paessler.com/tools

 
LVL 5

Assisted Solution

by:torvir
torvir earned 83 total points
ID: 35092049
The netflow information that is sent to the netflow analyzer contains the IP addresses and protocols for the flows. Isn't it possible to dig deeper in your analyzer? If you don't see more than traffic spikes I don't see why you use netflow, because netflow isn't always reliable when it comes to measuring traffic load. That is because it usually only reports when a flow ends.
So if you use netflow you should have an analyzer that can make the most of the information. I know that the analyzer from ManageEngine does what you want. And if you just want to use it for this matter, you can do with the free version. At least try it to solve your present problem.
What analyzer are you using now?
 
LVL 10

Assisted Solution

by:ampranti
ampranti earned 83 total points
ID: 35092550
An easy solution is to enable "ip accounting" on the router.

Log in to the router CLI, enter the LAN (or the inside interface of the router) interface and type the command "ip accounting".

Then with the command "show ip accounting" you can see all active connections to the router.

Example
# conf t
int fa 0/0 (choose your interface)
ip accounting
end
# show ip accounting (refresh every few seconds)

Otherwise, you should enable netflow and a utility to collect the data and analyze it (like ntop)
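
To turn the "show ip accounting" table into a per-host ranking, the following script sums bytes per LAN address. It is an added example, not part of the original answer; it assumes the usual Source / Destination / Packets / Bytes column layout and a LAN of 192.168.1.0/24, and the sample output is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of "show ip accounting" output (not from a real router).
SAMPLE = """\
   Source           Destination              Packets               Bytes
 203.0.113.10     192.168.1.23                  9100            13650000
 192.168.1.23     203.0.113.10                  4500              270000
 198.51.100.7     192.168.1.40                   820             1148000
 192.168.1.40     198.51.100.7                   410               24600
 203.0.113.10     192.168.1.57                    12                9000
Accounting data age is 3
"""

# One data row: two dotted-quad addresses followed by packet and byte counters.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s*$")


def top_talkers(text, lan="192.168.1.0/24", limit=10):
    """Sum bytes per LAN host (both directions) and return the heaviest first."""
    net = ipaddress.ip_network(lan)  # assumed LAN range, adjust to your site
    totals = Counter()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, "Accounting data age" line, blank lines
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # looked like an address but is not a valid one
        nbytes = int(m.group(4))
        for host in {src, dst}:
            if host in net:
                totals[str(host)] += nbytes
    return totals.most_common(limit)


if __name__ == "__main__":
    for host, nbytes in top_talkers(SAMPLE):
        print(f"{host:15} {nbytes / 1e6:10.2f} MB")
```

Paste the router output into a file and pass its contents to top_talkers() in place of SAMPLE; the counters are cumulative since accounting was last cleared.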
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 84 total points
ID: 35094646
With Wireshark on a port mirror of the router's port you can go into Statistics and then Conversations and sort by the byte counts or utilization columns to quickly see who is using most bandwidth.