Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to identify a PC using all the available bandwidth?

Status
Not open for further replies.
appelq

appelq

IS-IT--Management
Dec 28, 2004
72
US
I have a multi-site private network using MPLS.
We have a Private IP scheme using 192.168/24 addresses where the 3rd octet identifies my sites.
Users ate one site, have 2 bonded T1's for a 3MB port to the MPLS cloud.
They tell me that during the middle part of the day, their access to the application hosted at my other site, slows to a crawl.

Using Ping and Traceroute, I notice that the trace hops are definitely slow on their end, and that the slowness tends to start abruptly and End Abruptly at around the same time each day.

I suspect that 1 (or more) PC's may either be launching something that is using a lot of bandwidth, or a PC may be infected with something.

I would love to be able to run a packet analyzer or something that might tell me for example that IP 192.168.5.65 is sent/received 100mb data from/to {some public IP address like Youtube or something} in the last X minutes.

I would need to scan all IP addresses at that location (192.168.5.x)

So my question is what would be the best approach for someone like me who has never used a Packet Analyzer?

Thanks in advance,
Chuck
 
Sort by date Sort by votes
I would use a tool such as Solarwinds to query SNMP stats off the local switch. Leave that running for 24 hours and you will have a complete picture of switchport utilisation which is usually enough to pinpoint this kind of problem and nail it.

Failing that, just log into the switch and display switchport utilisaiton stats while the problem is occurring.

By figuring out which Tx & Rx stats are anomalously high, you should be able to its source.

I always sketch up a logical network diagram indentifying all infrastructure and devices prior to trying to interpret the traffic stats.

I recently did a job like this where the mob responsible for the network had spent two months scratching their heads and making excuses - 1 hour of traffic stats allowed me to indentify their problem without any problem.
 
Upvote 0 Downvote
Do you have a router on that end, if so just enable netflow and you should be able to determine who is cranking the data out by just looking at the netflow data.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
201
madwok
madwok
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
147
BIS
BIS
woza
  • Locked
  • Question
GNS3: Delete the lines "transport preferred none"
Replies
1
Views
185
DrB0b
DrB0b
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
144
Luzbel
Luzbel
PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
170
bdk76
bdk76

Part and Inventory Search

Sponsor

Back
Top