• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

Wireless Monitoring

I am looking for a wireless monitoring tool so that I can see who is hogging up all the interfaces.  We have devices (both personal iPhone and laptops) and would like to be able to quickly identify who uses all the bandwidth at a point in time.

Also, would like the ability to kill that session if possible.

thanks - latenaite
0
LateNaite
Asked:
LateNaite
  • 6
  • 3
7 Solutions
 
Craig BeckCommented:
What wireless system do you have?
0
 
LateNaiteAuthor Commented:
Cisco Wireless controllers and APs.
0
 
AkinsdNetwork AdministratorCommented:
There is a QoS feature on Cisco WLCs. You can use that to cap bandwidth or prioritize traffic.
The default settings gives priority to Voice, Data and Video in that order. You have options to manually manipulate traffic

There are free tools in the market you can use to monitor or capture traffic - The Dude, Wireshark, PTRG, OP Manager etc
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Craig BeckCommented:
You should use AVC on the WLC to see what types of applications are being used the most and Prime Infrastructure to monitor clients.  That will give you everything you need.

Free tools won't help as the client traffic is encapsulated in CAPWAP.
0
 
AkinsdNetwork AdministratorCommented:
Monitoring tools can be used to identify which device (IP address) is hogging up traffic.

If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
0
 
Craig BeckCommented:
Maybe to monitor traffic coming out of the WLC, but that's only half the story.  If it's traffic across the WLAN but not exiting via the WLC's wired ports you will have to use Prime Infrastructure.

Also, if Flexconnect is used you'd have to know which AP to monitor.  Again, free tools probably won't help until you know where the client is connected, or vice-versa.
0
 
AkinsdNetwork AdministratorCommented:
so that I can see who is hogging up all the interfaces
Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.

I have done this in the past so I know it works. Other thing you could do is just check the loads on the interfaces of the distribution switch. When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged. This will slow down the ability of the switch to forward traffic and the result is network-wide for every traffic that traverses the affected distribution switch.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
interface.jpgMonitoring tools will identify this quicker. Just scan the network and check the meters, You'll see the device with unusually high meters
0
 
Craig BeckCommented:
Traffic CAN and MAY go past the WLC to the distribution switch to the core switch to the firewall to the MPLS router to the cloud... Etc.  It doesn't have to though.  Just be aware of that.

"Monitoring tools will identify this quicker"...

Correct, but not FREE tools.  Cisco Prime Infrastructure is made for exactly this.  Log in to it and it immediately shows you dashlets with important info such as number of connected clients and top users.
0
 
Craig BeckCommented:
If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.
Fair enough, but how do you match up the IP address to the user within that one tool?  Answer: You can't.  You can with Prime Infrastructure.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
It depends how it's implemented.  If it's at the WLC it may not be ideal depending on version of code.  It may be better to do this at the wired network instead, or both, but it isn't always a viable option.

Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.
As I said... not always.  Traffic can still roam within the WLC between clients.  This traffic will NEVER hit the distribution switch.

Other thing you could do is just check the loads on the interfaces of the distribution switch.
How will that help to locate a user abusing bandwidth??  Sure, you can see that there's a lot of traffic passing through the interface, but you already knew that.

When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged.
switches can process traffic absolutely fine at 20%.  On a gigabit interface that's barely touching the sides.  200Mbps... sabotaging the processing power on a 48Gbps switch??  Please explain where you've got this information from.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
The traffic will be coming out of the WLC if it's coming across the wired network from a wireless client.  Why go to all of this effort to simply locate one of the ports that you already know will be passing the traffic??

Monitoring tools will identify this quicker.
I'll say it again... this is correct, BUT only if the tool is the right one.  Cisco's Prime Infrastructure is the ONLY tool that will help where a WLAN is concerned if you want to be 100% sure.  Nothing else will do.  You can tie up all of the information you need in one page in Prime Infrastructure.  You just can't do that with any other monitoring tool.
0
 
Craig BeckCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now