Solved

Bandwidth activity help

Posted on 2014-07-24
Last Modified: 2014-09-16
I am new to trying to read netflow data to determine usage. I found an app that seems to be giving me the information I need, but I am not sure what some of it is. Can you tell me what I am looking at? I am especially wondering about the macromedia-fcs and the four above (ms-wbt-server, oce-snmp-trap, gte-samp, sns-dispatcher). I have never had to really narrow down bandwidth, but someone keeps blowing ours up.

Could you also tell me why I have one router but it is giving me three interfaces?

Attachments: ifIndex2.pdf, ifIndex65535.pdf, ifIndex3.pdf, dashboard bottom screen after reconnection, netflow snapshot after reconnection, dashboard top screen after reconnection
Question by:Jennifer
11 Comments
 

Author Comment

by:Jennifer
ID: 40218048
To add to this, it seems there are times when we lose connection and one of the other locations loses connection. Which I mean is expected, but it seems more like their router is pushing ours to max and disconnecting, or vice versa, ours is maxing theirs and disconnecting. Is this possible, and how do you verify and/or rectify it?
0
 
LVL 17

Accepted Solution

by:
pergr earned 750 total points
ID: 40218828
http://www.manageengine.com/products/netflow/help/netflow-misc/faq-netflow-analyzer.html#inout

You'll have to look up the application names on the Internet.

For example, ms-wbt-server is typically RDP traffic, but it is identified only based on TCP/UDP port numbers, so if some virus or worm is using that same port, the traffic could be that too.
0
 

Author Comment

by:Jennifer
ID: 40232536
Thanks for the post; however, this doesn't really help me. When I try to look up the names I don't seem to find any information on what is using this port. The one I have right now is sitadar port 2631. All I can find is that it is TCP; well, my data tells me that. I need to know who and what is using it. I also see 'unknown app' using src port 53427 and dst port 8014 using 8.14 GB. I don't know what this is and there isn't much to go on.

If we go back to my other question about one of my site to site VPN branch locations taking the router down. Today I had an instance where our internet went down. I look at the report and I see a huge spike. I can't tell for sure what is spiking it but I do know that while I am looking at the data I get a call from one of our branches. He says they have been down for 30 minutes, no internet. If his time is accurate it would have been 10 minutes before we went down. Do these have any correlation?
0
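The port-only labeling described in the accepted answer, and the "who and what is using it" question in the comment above, as an added example that is not part of the original thread. The addresses and byte counts are constructed, the function names are hypothetical, and the port table holds only 3389 (the IANA registration for ms-wbt-server) and the sitadar port quoted in the thread.

```python
from collections import defaultdict

# Port-to-name table in the style NetFlow analyzers use. 3389 is the IANA
# registration for ms-wbt-server; 2631/sitadar is the pair quoted in the thread.
PORT_NAMES = {3389: "ms-wbt-server", 2631: "sitadar"}

# Constructed sample flows (private addresses, made-up byte counts):
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes)
FLOWS = [
    ("10.0.1.20", 49811, "10.0.0.5", 3389, "TCP", 420_000_000),
    ("10.0.0.5", 3389, "10.0.1.20", 49811, "TCP", 1_900_000_000),
    ("10.0.2.31", 50122, "10.0.0.5", 3389, "TCP", 310_000_000),
    ("10.0.0.9", 53427, "10.0.1.44", 8014, "TCP", 8_140_000_000),
    ("10.0.0.9", 53428, "10.0.1.44", 8014, "TCP", 600_000_000),
    ("10.0.1.44", 2631, "10.0.0.9", 51000, "TCP", 75_000_000),
]

def label(src_port, dst_port):
    """Name a flow from its ports alone; the payload is never inspected."""
    for port in sorted((src_port, dst_port)):  # lower port first, usually the service side
        if port in PORT_NAMES:
            return PORT_NAMES[port]
    return f"unknown app (port {min(src_port, dst_port)})"

def bytes_by_app(flows):
    """Total bytes per application label, largest first."""
    totals = defaultdict(int)
    for _, sport, _, dport, _, nbytes in flows:
        totals[label(sport, dport)] += nbytes
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))

def top_talkers(flows, app, n=3):
    """Host pairs behind one application label, both directions merged."""
    pairs = defaultdict(int)
    for src, sport, dst, dport, _, nbytes in flows:
        if label(sport, dport) == app:
            pairs[tuple(sorted((src, dst)))] += nbytes
    return sorted(pairs.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    for app, total in bytes_by_app(FLOWS).items():
        print(f"{app:28s} {total / 1e9:6.2f} GB")
        for (a, b), nbytes in top_talkers(FLOWS, app):
            print(f"    {a} <-> {b}  {nbytes / 1e9:.2f} GB")
```

The application name only says which port was used; the host pairs under each name are what identify the machines to go and inspect.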

Author Comment

by:Jennifer
ID: 40258754
So I have a better understanding of the flow of this; however, I have run into a problem that I kind of mentioned previously.
I have narrowed down an instance when the internet here goes down and of course goes down in one of the branches. What I have found is that yesterday Symantec Endpoint was sending updates to one of the branch computers. The internet spiked to full bandwidth, which of course disconnected everyone. Why would Symantec be using full bandwidth to send to this branch and not the other branch or internal office? I believe I have everything set up exactly the same. If this is to happen, then is there a way to have it do this during the evening?
0
 
LVL 70

Expert Comment

by:Merete
ID: 40285162
Hi Jennifer,
It's a good idea to grab some video and watch how it's done, and study the guides.
Here's a video describing the overview of NetFlow from SolarWinds;
this may help you:
NetFlow Traffic Analyzer
https://www.youtube.com/watch?v=FSEjFxK4joY
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 750 total points
ID: 40286704
Hi Jennifer,

Let's break this communication down. It seems that 3 services, namely ms-wbt-server, gte-samp and sns-dispatch, get most traffic. The ms-wbt-server port is Microsoft Remote Desktop connection. I don't know any specific application which uses gte-samp (2346/TCP port), but it seems the traffic on ms-wbt and gte-samp is similar, so it might easily be some port on the receiving end of the MS Remote Desktop. sns-dispatch is the NAS connection port, so it seems that there's a NAS placed in your network and there's a heavy traffic load on it. Also, you have some MS Remote Desktop service activity. If you are using MS Terminal Services and thin clients, it might be normal to have this traffic.

Best Regards,

K.
0
 

Author Comment

by:Jennifer
ID: 40289181
Thank you both.

I will take a look at the video.

Our branch locations are currently connecting through terminal services so that would explain those. I am not sure about the NAS though, I will have to look into it.
0
 

Author Comment

by:Jennifer
ID: 40325523
I have narrowed it down to Symantec and I am reviewing that further on a different thread, so thanks for the help. The answers helped put me in the right direction.
0

Question has a verified solution.