Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trying to catch high levels of traffic being generated.

Status
Not open for further replies.
cajuntank

cajuntank

IS-IT--Management
May 20, 2003
947
US
I have a router connected to a 3560 switch (being used as a core/distribution). We have a T1 going to the router and I have been seeing a ton of receive traffice on the switchport's interface to the router. I have troubleshot disabling ports and found 3 ports that if enabled, bandwidth goes to pot; so I know I have some virus/worm on my network as this location. Question is, is there some syslog level or something else I can enable on the router or switch that will tell me my top receivers?
My router's IOS is 12.3.11T5 and switch's IOS is 12.2.25SEB2
if that helps any.

Thanks.
 
Sort by date Sort by votes
You can enable netflow on your connecting interfaces .
Conf t
interface XX
ip route-cache flow

To get a look at who is tranmitting all the traffic and where just use the "show ip cache-flow" command and this will give you a table of all the ip flows going on on those interfaces .Don't know if the 3560 supports it or not but the router should .
 
Upvote 0 Downvote
Vipergg...how do you clear this table? I tried clear ip cache, but the entries are still there...do I have to do it per source address? This is on a 2620XM with advanced enterprise 12.4(9)T2

Burt
 
Upvote 0 Downvote
Turned that on right before I left for the day... will not really see the suspect traffic until the teachers and students get in in the morning...

I also turned on syslogging... what level would be a good one to log? I have it set for informational, but all I've seen so far is "configured by console admin" on my syslog pc
 
Upvote 0 Downvote
I'm not sure what the command is to clear it , those are active flows and they will automatically clear if no traffic is seen within a short period of time . So basically everything in that table is a recent flow and will be purged within a short period if no other traffic is seen. There are netflow collectors you can buy to pull stats and make graphs etc...
 
Upvote 0 Downvote
Hello Cajuntank
Also give "NBAR" a try,it let you see the types of traffic and the amount of "bits" that is going through the Router.
Regards
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
192
bdk76
bdk76
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
172
Luzbel
Luzbel
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
239
madwok
madwok
quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
75
quazimotto
quazimotto
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
81
NavinNet
NavinNet

Part and Inventory Search

Sponsor

Back
Top