
Who's using up all the bandwidth?

  1. #1

    Who's using up all the bandwidth?

    Say you have a medium or so LAN on a workgroup (internet cafe or so) and somebody is doing a lot of downloading, how would you best discreetly find out who it was...?

    Ok, so you are the admin to the router; you could log onto the router and look at the DHCP table, which would give you all the IPs, if you were using DHCP. But still, then how would this help? And then what if you were using all static IPs, what then?

    Would the ARP cache in the router be of any use here?

  3. #2
    wagnerk (aka kitkatninja)
    Do you have an ISA box or a 3rd party vendor appliance like Sophos websecurity? These products give you access to reports that you can run off.

    -Ken

  4. #3
    zebulebu
    Ethereal or MRTG to the rescue...

    Depending on whether you've got a managed or unmanaged switch you have two routes - one potentially easier than the other.

    If you have a managed switch it's simple - just configure a mirror port (SPAN port on a Cisco) and plug a PC running Ethereal into it - that way you can let it run for a while then take a look at which IPs are talking the most.

    If you have an unmanaged switch it's slightly more complicated - you could get a hub in 'behind' the router and sniff traffic there (depending on what sort of bandwidth you have) but you'd have to deal with the traffic having been NATed so you probably won't see anything useful. What you'd be better off doing in this scenario is getting a box running MRTG (easiest using Cacti) and talking to the router via SNMP - that would let you run some form of top talkers accounting which would be nice and simple and give you instant, archivable results.

    Other solutions to look at:

    If your switch is 'semi-managed' it may have the ability to respond to SNMP requests - if it can, consider using MRTG/Cacti on the switch.

    Can you configure Syslogging on your firewall? If you can, configure it to send to a box with a Syslog daemon on it (Kiwi is my favourite) and run it for a day - then take a look at which IPs have been doing the most talking (output it to CSV and run it through Excel).

  5. #4
    Spice_Weasel
    Zebulebu has your answer - having a dedicated network management box is the way to go, if possible. Just a few bits to add: if you are in a situation where you don't have a separate box, there are some tools available on the router/fw, depending on your equipment.

    For example, I often use IP accounting on Cisco gear for quick bandwidth usage checks. Run IP accounting for some period of time then display the output, which will show total bytes transferred for each source/destination pair. Very handy for quickly checking usage per host. NetFlow (and JFlow on Juniper, sFlow on HP, etc.) gathers detailed information about flows, is widely supported and is quite useful for analyzing usage. You can also view the flow information directly on the router; it is much more detailed than simple IP accounting data. It is best to have a dedicated box for syslog, SNMP, flow, etc., but it is handy to be able to quickly check on the router/fw/switch directly.

    Also, many platforms support packet capture directly on the router/fw; I use this for small remote sites that have no dedicated local monitoring. Just run the capture directly on the network hardware and drop it into Ethereal where I am for more detailed analysis.

    Spice_Weasel
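
The per-pair byte counts that IP accounting produces, rolled up per LAN host, as an added example that is not part of the thread or any poster's own code. It assumes the four-column Source/Destination/Packets/Bytes layout of Cisco `show ip accounting`; the sample text, the addresses and the `192.168.1.0/24` LAN range are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the assumed "show ip accounting" layout
# (private and documentation address ranges, not real data).
SAMPLE = """\
   Source           Destination              Packets               Bytes
 192.168.1.23     203.0.113.10                   412               31870
 203.0.113.10     192.168.1.23                 98211           141250344
 192.168.1.40     198.51.100.7                   120               10240
 198.51.100.7     192.168.1.40                   310              402113
 192.168.1.23     198.51.100.7                    15                1200
 198.51.100.7     192.168.1.23                    60               75000

Accounting data age is 42
"""

# One data row: source IP, destination IP, packet count, byte count.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s*$")


def top_talkers(text, lan="192.168.1.0/24"):
    """Return [(host, bytes_down, bytes_up)] for LAN hosts, heaviest first."""
    net = ipaddress.ip_network(lan)
    down, up = Counter(), Counter()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, "Accounting data age" footer
        src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
        nbytes = int(m[4])
        if src in net:   # LAN host sending: upload
            up[str(src)] += nbytes
        if dst in net:   # LAN host receiving: download
            down[str(dst)] += nbytes
    hosts = set(down) | set(up)
    return sorted(((h, down[h], up[h]) for h in hosts),
                  key=lambda r: r[1] + r[2], reverse=True)


if __name__ == "__main__":
    for host, d, u in top_talkers(SAMPLE):
        print(f"{host:<15} down={d:>12,} up={u:>10,}")
```

Matching the top address back to a machine on a statically addressed LAN still needs the router's ARP table, since the accounting rows carry only IPs.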
