Traffic Analysing

Hi all,

Does anyone know a decent method of finding out what device on a network is using all of the bandwidth on one of our pipes?

Basically every four hours something is downloading at high speeds using up all of our available bandwidth. The downloads then stop for roughly two hours then resume once again, as shown below...

[Image: bandwidth.gif]


My aim is to sniff down whatever machine/device is sucking all of this bandwidth up and remove it from my network.

Biggest problem is, I have 772 workstations and 14 servers.

I've tried Ethereal but that's obviously just picking up ARPs and broadcasts.

I can't log onto the router as it's a managed service from our ISP.

If someone could give me something else to check that would be great.

Cheers. :-)
 
If you've got a switch or router that can give you per-port statistics it would help you narrow it down.
 
Yeah suppose I'm gonna have to go through all the switches one at a time and see.

Have you much experience with Ethereal or Wireshark at all?
 
Create a span port on one of your switches and "mirror" all traffic to a sniffer of some description. PRTG will probably be able to sort you out, or maybe Cacti/MRTG. If you have multiple switches you can do RSPAN or remote span. This is assuming you have Cisco switches. I'm sure HP and any other large switch manufacturer will offer an alternative feature.
 
Yip Rich, that's what I'm going to do next. I just need to read up on getting all of the switches' traffic on the ProCurves to mirror to another port now.

I'm hoping our core switches will do that anyways.
 
Do you not have the ability to collect interface statistics for all ports on the switch using SNMP? This would indicate the interface with whatever is sucking up the bandwidth.

As for sniffing, perhaps ntop may be a solution for you, once you have sorted out the port spanning, if that is the road you're going to go down.
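
Added example, not posted by anyone in this thread: the per-port SNMP counter comparison suggested above, done over two `snmpwalk` captures of `IF-MIB::ifOutOctets` taken 60 seconds apart. The sample output and the function names `parse_walk` and `port_rates` are constructed for illustration; a download to a workstation shows up as output octets on that workstation's access port.

```python
import re

# Constructed sample: two snmpwalk captures of ifOutOctets from one switch,
# taken 60 seconds apart (values invented for illustration).
POLL_1 = """\
IF-MIB::ifOutOctets.1 = Counter32: 1200345
IF-MIB::ifOutOctets.2 = Counter32: 4294000000
IF-MIB::ifOutOctets.3 = Counter32: 88112233
IF-MIB::ifOutOctets.24 = Counter32: 3000000000
"""
POLL_2 = """\
IF-MIB::ifOutOctets.1 = Counter32: 1260345
IF-MIB::ifOutOctets.2 = Counter32: 449032704
IF-MIB::ifOutOctets.3 = Counter32: 88112233
IF-MIB::ifOutOctets.24 = Counter32: 3001500000
"""

# Matches 32-bit ifOutOctets and 64-bit ifHCOutOctets lines.
LINE = re.compile(r"IF-MIB::if(?:HC)?OutOctets\.(\d+) = Counter(32|64): (\d+)")

def parse_walk(text):
    """Return {ifIndex: (counter_bits, value)} from snmpwalk text output."""
    return {int(m.group(1)): (int(m.group(2)), int(m.group(3)))
            for m in LINE.finditer(text)}

def port_rates(walk_a, walk_b, interval_s):
    """Bits per second sent out of each port between two polls, busiest first."""
    a, b = parse_walk(walk_a), parse_walk(walk_b)
    rates = []
    for idx, (bits, v2) in b.items():
        if idx not in a:
            continue  # port has no baseline in the first poll
        v1 = a[idx][1]
        # Modular difference absorbs one counter wrap. A Counter32 can wrap
        # more than once between polls on a fast link, so poll often or use
        # ifHCOutOctets where the switch supports it.
        delta = (v2 - v1) % (1 << bits)
        rates.append((idx, delta * 8 / interval_s))
    return sorted(rates, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for idx, bps in port_rates(POLL_1, POLL_2, 60):
        print(f"ifIndex {idx:>3}: {bps / 1e6:8.2f} Mbit/s")
```

Port 2's raw counter goes down between the two polls because it wrapped; a plain subtraction would report a negative rate and hide the busiest port.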
 