Solved

Bandwidth activity help

Posted on 2014-07-24
Last Modified: 2014-09-16
I am new to trying to read netflow data to determine usage. I found an app that seems to be giving me the information I need but I am not sure what some of it is. Can you tell me what I am looking at? I am especially wondering about the macromedia-fcs and the four above (ms-wbt-server, oce-snmp-trap, gte-samp, sns-dispatcher). I have never had to really narrow down bandwidth but someone keeps blowing ours up.

Could you also tell me why I have one router but it is giving me three interfaces?

Attachments: ifIndex2.pdf, ifIndex65535.pdf, ifIndex3.pdf, dashboard bottom screen after reconnection, netflow snapshot after reconnection, dashboard top screen after reconnection
0
Question by:Jennifer
11 Comments
 

Author Comment

by:Jennifer
ID: 40218048
To add to this, it seems there are times when we lose connection and one of the other locations loses connection. Which I mean is expected, but it seems more like their router is pushing ours to max and disconnecting, or vice versa, ours is maxing theirs and disconnecting. Is this possible, and how do you verify and/or rectify?
0
 
LVL 17

Accepted Solution

by:
pergr earned 250 total points
ID: 40218828
http://www.manageengine.com/products/netflow/help/netflow-misc/faq-netflow-analyzer.html#inout

You'll have to look up the application names on the Internet.

For example, ms-wbt-server is typically RDP traffic, but it is identified only based on TCP/UDP port numbers, so if some virus or worm is using that same port, the traffic could be that too.
0
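An added example (not part of any post in this thread, and not the analyzer vendor's code): the port-only labelling described in the answer above, followed by the per-host-pair breakdown that shows who is behind a label. The flow records and addresses are constructed, and the lookup order (destination port, then source port) is an assumption.

```python
from collections import defaultdict

# Port-to-name table of the kind an analyzer ships with. 3389 is the registered
# port for ms-wbt-server; 2631 carries the label the asker's tool displayed.
PORT_LABELS = {3389: "ms-wbt-server", 2631: "sitadar"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
FLOWS = [
    ("10.0.1.20", 50211, "10.0.0.5", 3389, "TCP", 40_000_000),
    ("10.0.2.31", 50877, "10.0.0.5", 3389, "TCP", 35_000_000),
    ("10.0.0.9", 3389, "10.0.2.44", 49152, "TCP", 900_000_000),
    ("10.0.0.7", 53427, "10.0.2.44", 8014, "TCP", 8_140_000_000),
    ("10.0.1.20", 50300, "10.0.0.8", 2631, "TCP", 5_000_000),
]

def label(flow):
    """Name a flow the way a port-based analyzer does: by port lookup only."""
    _, sport, _, dport, _, _ = flow
    return PORT_LABELS.get(dport) or PORT_LABELS.get(sport) or "unknown app"

def bytes_by_label(flows):
    """Total bytes per application label (the dashboard view)."""
    totals = defaultdict(int)
    for f in flows:
        totals[label(f)] += f[5]
    return dict(totals)

def top_talkers(flows, name):
    """Break one label down into host pairs, largest first (the 'who' view)."""
    pairs = defaultdict(int)
    for src, _, dst, _, _, nbytes in (f for f in flows if label(f) == name):
        pairs[(src, dst)] += nbytes
    return sorted(pairs.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    ranked = sorted(bytes_by_label(FLOWS).items(), key=lambda kv: -kv[1])
    for name, total in ranked:
        print(f"{name:15} {total / 1e9:6.2f} GB")
        for (src, dst), nbytes in top_talkers(FLOWS, name):
            print(f"    {src} -> {dst}  {nbytes / 1e9:6.2f} GB")
```

The label only says which port was involved; the host pairs under it are what to check against the machines you expect to be talking on that port.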
 

Author Comment

by:Jennifer
ID: 40232536
Thanks for the post, however this doesn't really help me. When I try to look up the names I don't seem to find any information on what is using this port. The one I have right now is sitadar port 2631. All I can find is that it is TCP; well, my data tells me that. I need to know who and what is using it. I also see 'unknown app' using src port 53427 and dst port 8014 using 8.14 gb. I don't know what this is and there isn't much to go on.

If we go back to my other question about one of my site to site VPN branch locations taking the router down. Today I had an instance where our internet went down. I look at the report and I see a huge spike. I can't tell for sure what is spiking it but I do know that while I am looking at the data I get a call from one of our branches. He says they have been down for 30 minutes, no internet. If his time is accurate it would have been 10 minutes before we went down. Do these have any correlation?
0
 

Author Comment

by:Jennifer
ID: 40258754
So I have a better understanding on the flow of this however I have run into a problem that I kind of mentioned previously.
I have narrowed down an instance when the internet here goes down and of course goes down in one of the branches. What I have found is that yesterday Symantec Endpoint was sending updates to one of the branch computers. The internet spiked to full bandwidth, which of course disconnected everyone. Why would Symantec be using full bandwidth to send to this branch and not the other branch or internal office? I believe I have everything set up exactly the same. If this is to happen, then is there a way to have it do this during the evening?
0
 
LVL 69

Expert Comment

by:Merete
ID: 40285162
Hi Jennifer
It's a good idea to grab some video and watch how it's done, and study the guides.
Here's a video describing the overview of NetFlow from SolarWinds.
This may help you.
NetFlow Traffic Analyzer
https://www.youtube.com/watch?v=FSEjFxK4joY
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 250 total points
ID: 40286704
Hi Jennifer,

Let's break this communication down. It seems that 3 services, namely ms-wbt-server, gte-samp and sns-dispatcher, get most of the traffic. The ms-wbt-server port is Microsoft Remote Desktop connection. I don't know any specific application which uses gte-samp (2346/TCP port), but it seems the traffic on ms-wbt and gte-samp is similar, so it might easily be some port on the receiving end of the MS Remote Desktop. sns-dispatcher is the NAS connection port, so it seems that there's a NAS placed in your network and there's a heavy traffic load on it. Also you have some MS Remote Desktop service activity. If you are using MS Terminal Services and thin clients, it might be normal to have this traffic.

Best Regards,

K.
0
 

Author Comment

by:Jennifer
ID: 40289181
Thank you both.

I will take a look at the video.

Our branch locations are currently connecting through terminal services so that would explain those. I am not sure about the NAS though, I will have to look into it.
0
 

Author Comment

by:Jennifer
ID: 40325523
I have narrowed it down to Symantec and I am reviewing that further on a different thread, so thanks for the help. The answers helped put me in the right direction.
0
