Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

network traffic

Status
Not open for further replies.

jakess

Technical User
Apr 17, 2000
418
ZA
We are experiencing high utilisation of network bandwith but do that have any proper software to identify the problem.
Can anyone recommend some free software that i can use to see which pc/server is causing this.
 
For an in-depth network analyst I recommend WireShark (it's free, like air). If you're unable interpret the results, post your findings within this topic and I'll take a look.

(Formerly known as Ethereal)

Cheers.
 
Will Wireshark capture info on all network devices or only packet flowing pass my NIC where latter is normally the case.
Also remembering we 3com switches in place.I realy need to see which pc's are sending the most packets to the Internet and LAN.
 
I used Wireshark and have found an IP address which do not belong to our IP range or subnet

Internet Protocol, Src: 169.254.234.241 (169.254.234.241), Dst: 239.255.255.250 (239.255.255.250)


What would this mean?
 
Yes, WireShark will provide you with an overview of your network traffic; try analyzing traffic from multiple points (I recommend using it on your gateway server if it's a Windows box) for solid, more accurate results.

Porkchopexpress *giggle* is correct about the DHCP issue, but do you know what exactly you're looking for besides high network utilization? Finding out what type of traffic is excessive can be determined by your environment, how many users are within your network, legacy equipment, and a few other factors but you get the point.

Here are a few questions to help point you in the right direction:

Are you seeing excessive ARP requests? Any workstations looking for another subnet that's not attached to your network, or once was? Unknown traffic to outside \ inside IP addresses?

One last thing would be to provide us with an overview of your network including how many users are present, and the number of servers and workstations.

Cheers.
 
I need to clarify something before I get flamed or start a forum war. WireShark will only show you broadcasted traffic and any traffic flowing to your terminal\workstation\whatever.
 
Exactly what i thought. Most scanners only check network traffic passing through your own NIC.

So if people are saying our network/internet connection etc is slow how can i check it to see what pc/server are causing high bandwith utilisation.

i know sniffer software can do it but at some price.
 
Users saying that the 'network is slow' is one thing. It's quite rare for this to happen unless there is a major IP issue somewhere. More often than not it's actually a single server or the ISP is slow due to high traffic or contention ratio.

Have you experienced a slow down yourself or is this all coming from just a small number of users? Do you know what they are trying to access at the time when they say it's slow?

Try the basics before looking for something with a packet sniffer. (Although unless your switches have a sniffer built-in I think you'll struggle on a switched network to find anything - depending on the network topology)

Good Luck,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top