Solved

Wireless Monitoring

Posted on 2015-02-16
11
159 Views
Last Modified: 2015-03-19
I am looking for a wireless monitoring tool so that I can see who is hogging up all the interfaces.  We have devices (both personal iPhone and laptops) and would like to be able to quickly identify who uses all the bandwidth at a point in time.

Also, would like the ability to kill that session if possible.

thanks - latenaite
0
Comment
Question by:LateNaite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
11 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40612574
What wireless system do you have?
0
 

Author Comment

by:LateNaite
ID: 40612642
Cisco Wireless controllers and APs.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40612733
There is a QoS feature on Cisco WLCs. You can use that to cap bandwidth or prioritize traffic.
The default settings gives priority to Voice, Data and Video in that order. You have options to manually manipulate traffic

There are free tools in the market you can use to monitor or capture traffic - The Dude, Wireshark, PTRG, OP Manager etc
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 46

Accepted Solution

by:
Craig Beck earned 357 total points
ID: 40613150
You should use AVC on the WLC to see what types of applications are being used the most and Prime Infrastructure to monitor clients.  That will give you everything you need.

Free tools won't help as the client traffic is encapsulated in CAPWAP.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 143 total points
ID: 40613165
Monitoring tools can be used to identify which device (IP address) is hogging up traffic.

If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40613177
Maybe to monitor traffic coming out of the WLC, but that's only half the story.  If it's traffic across the WLAN but not exiting via the WLC's wired ports you will have to use Prime Infrastructure.

Also, if Flexconnect is used you'd have to know which AP to monitor.  Again, free tools probably won't help until you know where the client is connected, or vice-versa.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 143 total points
ID: 40613198
so that I can see who is hogging up all the interfaces
Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.

I have done this in the past so I know it works. Other thing you could do is just check the loads on the interfaces of the distribution switch. When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged. This will slow down the ability of the switch to forward traffic and the result is network-wide for every traffic that traverses the affected distribution switch.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
interface.jpgMonitoring tools will identify this quicker. Just scan the network and check the meters, You'll see the device with unusually high meters
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40613227
Traffic CAN and MAY go past the WLC to the distribution switch to the core switch to the firewall to the MPLS router to the cloud... Etc.  It doesn't have to though.  Just be aware of that.

"Monitoring tools will identify this quicker"...

Correct, but not FREE tools.  Cisco Prime Infrastructure is made for exactly this.  Log in to it and it immediately shows you dashlets with important info such as number of connected clients and top users.
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40614857
If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.
Fair enough, but how do you match up the IP address to the user within that one tool?  Answer: You can't.  You can with Prime Infrastructure.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
It depends how it's implemented.  If it's at the WLC it may not be ideal depending on version of code.  It may be better to do this at the wired network instead, or both, but it isn't always a viable option.

Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.
As I said... not always.  Traffic can still roam within the WLC between clients.  This traffic will NEVER hit the distribution switch.

Other thing you could do is just check the loads on the interfaces of the distribution switch.
How will that help to locate a user abusing bandwidth??  Sure, you can see that there's a lot of traffic passing through the interface, but you already knew that.

When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged.
switches can process traffic absolutely fine at 20%.  On a gigabit interface that's barely touching the sides.  200Mbps... sabotaging the processing power on a 48Gbps switch??  Please explain where you've got this information from.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
The traffic will be coming out of the WLC if it's coming across the wired network from a wireless client.  Why go to all of this effort to simply locate one of the ports that you already know will be passing the traffic??

Monitoring tools will identify this quicker.
I'll say it again... this is correct, BUT only if the tool is the right one.  Cisco's Prime Infrastructure is the ONLY tool that will help where a WLAN is concerned if you want to be 100% sure.  Nothing else will do.  You can tie up all of the information you need in one page in Prime Infrastructure.  You just can't do that with any other monitoring tool.
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40617002
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dual Band Channels 7 48
Wireless antenna advice/design 6 70
Linksys e2500 wireless router - should I upgrade 6 89
Expand Verizon 3G to LTE - possible? 4 58
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question