Monitor bandwidth and who is using it

I'm looking for suggestions on the best and easiest way to monitor who on my network is using a lot of the network bandwidth and what they are doing. I realize there are many ways to do this, so feel free to suggest any way you may have implemented this.

The network setup is

2 user access switches ==>  core switch ==> mpls ==> core switch ==> firewall ==>  internet

I am really interested in finding out from the user access switches the bandwidth hogs and what they are doing. Is there any way of getting around this process: identify via graph what ports on user access switches are using the most traffic and put a port mirror to capture and analyze that traffic?

If you mirror your access switch's uplink ports to the core to a Wireshark capture, you can go into Statistics, then Conversations, and sort by the bps columns to see who is using what relative to that point in the network.

If it is Internet traffic you are looking for, you can mirror the firewall's port and see everything going in and out.

The statistics alone will give you the usage numbers and you can then filter on those IPs if you want to see the packet details.

You may be able to get a rough idea of what devices are your heavy hitters just by looking at the switch port stats to see who is moving the most data.
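
The per-conversation totals that the answer above reads from Wireshark's Statistics > Conversations view can also be computed directly from a capture file taken on the mirror port. The Python script below is an added example, not part of the original thread; it assumes a classic pcap file with untagged Ethernet/IPv4 frames, averages the rate over the whole capture, and runs on a constructed sample capture (`sample_pcap` and its addresses are made up for illustration).

```python
import struct
from collections import defaultdict

def conversations(pcap: bytes):
    """Per-IPv4-pair totals from a classic pcap: [(a, b, bytes, bits_per_s)], largest first."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, first, last, off = defaultdict(int), None, None, 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        last = sec + usec / 1e6
        first = last if first is None else first
        # Skip truncated frames and anything that is not untagged IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        # Count the on-the-wire length, not the captured (snaplen-limited) length.
        totals[tuple(sorted((src, dst)))] += orig
    span = (last - first) if first is not None else 0.0
    rows = [(a, b, n, n * 8 / span if span > 0 else 0.0) for (a, b), n in totals.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def sample_pcap() -> bytes:
    """Constructed capture: four frames over 4 s, documentation/private addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [
        (0, (10, 0, 0, 5), (203, 0, 113, 9), 1500),
        (1, (203, 0, 113, 9), (10, 0, 0, 5), 1500),
        (2, (10, 0, 0, 7), (198, 51, 100, 2), 200),
        (4, (10, 0, 0, 5), (203, 0, 113, 9), 1000),
    ]
    for sec, src, dst, size in packets:
        # Ethernet header + minimal IPv4 header, zero padded to the frame size.
        hdr = bytes(12) + b"\x08\x00" + b"\x45" + bytes(11) + bytes(src) + bytes(dst)
        frame = hdr.ljust(size, b"\0")
        out += struct.pack("<IIII", sec, 0, size, size) + frame
    return out

if __name__ == "__main__":
    for a, b, nbytes, bps in conversations(sample_pcap()):
        print(f"{a:<12} <-> {b:<14} {nbytes:>6} bytes {bps:>9.0f} bit/s")
```

Both directions of a flow are folded into one row, so the top row is the heaviest host pair as seen at the mirrored port.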

dmwynne (Author) Commented:
Am I correct that if I wanted to mirror both connections from the user access switches to the core, I would need two physical machines plugged into the mirror ports for each switch? If that is the case, maybe my best bet is to mirror the core switch connection to the MPLS, since all internet traffic must traverse that path, or, as you said, I could mirror the firewall.

Aside from this method, do you recommend any program that can simplify setting up the mirror and analyzing the traffic?
Qlemo ("Batchelor", Developer and EE Topic Advisor) Commented:
That is correct - best to monitor traffic at a central device all traffic has to flow through, because that filters out unrelated traffic (managed by the user access switches themselves).