Monitor bandwidth and who is using it

I'm looking for suggestions on the best and easiest way to monitor who on my network is using alot of the network bandwidth and what they are doing.  I realize there are many ways to do this so feel free to suggest any way you may have implemented this.

The network setup is

2 user access switches ==>  core switch ==> mpls ==> core switch ==> firewall ==>  internet

I am really interested in find out from the user access switches the bandwidth hogs and what they are doing.  Is there anyway of getting aorund this process:  Identify via graph what ports on user access switches are using most traffic and put a port mirror to capture and analyze that traffic.
LVL 14
dmwynneAsked:
Who is Participating?
 
Rick_O_ShayConnect With a Mentor Commented:
If you mirror your access switch's uplink ports to the core to a Wireshark capture you can go into statistics then conversations and sort by the bps columns to see who is using what relative to that point in the network.

If it is Internet traffic you are looking for you can mirror the fiorewall's port and see everything going in and out.

The statistics alone will give you the usage numbers and you can then filter on those IPs if you want to see the packet details.

You may be able to get a rough idea of what devices are your heavy hitters just by looking at the switch port stats to see who is moving the most data.
0
 
dmwynneAuthor Commented:
Am I correct that if I wanted to mirror both connections from the user access switches to the core I would need two physical machines plugged into the mirror ports for each switch.  If that is the case maybe my best bet is to mirror the core switch connection to the mpls since all internet traffic must traverse that path or as you said I could mirror the firewall.

Aside from this method do you recommend any program that can simplify setting up the mirror and analyzing the traffic.
0
 
QlemoConnect With a Mentor Batchelor, Developer and EE Topic AdvisorCommented:
That is correct - best to monitor traffic at a central device all traffic has to flow thru, because that filters out unrelated traffic (mangaged by the user access switches themselves)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.