1. Home
  2. Cisco Systems
  3. Bandwidth fully utilized - need to know the problem machine

Bandwidth fully utilized - need to know the problem machine

There is a router Cisco 3640 in the central office that has a 576 K bandwidth to the Internet. Now, the traffic on the serial link (to Internet router) is close to 100% (570 - 575 k /sec). I see that this traffic is the input rate. THe output rate is lesser.

I used PRTG tool and found that there are no non-unicast packets. I want to know who is causing the high bandwidth. THe number of users are close to 300. Can anybody help me on how do I know the problem machine here or the machine that is causing a lot of WAN traffic? I heard that show ip accounting can be a good tool but it is hard to point out where exactly is the problem

Please help.

Thanks a lot Gautam

Reply to
gautamzone
Loading thread data ...

Enable ip route-cache flow on the internal & external interfaces. This can show you the largest flows, in terms of number of packets, for someone doing a large downlod, or can show you a large number of 1 & 2 packet flows to consecutive IP addresses for a single machine infected with a virus.

BL

Reply to
Buzz Lightbeer

If you want to understand your traffic pattern, you should use a sniffer. You can get a free one (for example, ethereal), or get evaluation/demo version.

As a long-term solution (if you have a budget), you should think about NAM module. It's $5k list price, so, you could get it a little bit over $3k. It's great to see all types of reports on traffics, conversations, response time, etc.

Good luck,

Mike

formatting link

Reply to
CiscoHeadsetAdapter.com

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.