Wan utilization

I have a situation where there is a link between my site and a data center, and this link has hit 100% utilization, what tools can I used to diagnose the cause of this.

Also, on a cisco switch how can I set a particular port to broadcast all traffic on that switch out of that port so I can use ehtheral or another sniffer for diagnosis?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

astorrs

What kind of WAN link is it? (Frame, VPN, MPLS, etc)

slinuxuzer

T1 / E1

astorrs

Is the router connected to a managed switch on the LAN port? (what kind of router is this anyway?)

astorrs

astorrs wrote:

Is the router connected to a managed switch on the LAN port? (what kind of router is this anyway?)

Let me clarify, this isn't a Catalyst Express 500 is it?

slinuxuzer

yes, cisco 2950, cisco 1800 router

astorrs

Okay that's easy then. Follow this guide to configure SPAN:

http://www.cisco.com/warp/public/473/41.html#topic5

Configure your switch to mirror the traffic on your router's switch port (both rx and tx) to a free port and then hook up your laptop (or whatever you have) and start a capture. If you have access to an expert protocol analyzer (if not ethereal will do) have it run through the capture to see what are the major traffic types (protocol, ports, etc) and who are the "biggest talkers", etc.

astorrs

Looks like WireShark (an ethereal port - well sort of) can do everything you need (look at Expert Info and Statistics in the documentation).

http://www.wireshark.org/

Ahriakin

Or use netflow - Wireshark could be used but it'd be like cracking a walnut with a sledgehammer since the learning curve and work involved in understanding traffic flows from it are relatively high vs. using Netflow. Adventnet do a free edition of their Netflow analyzer, http://manageengine.adventnet.com/products/netflow/index.html , that will still monitor 2 interfaces after the 30 day trial is up. Configuration on your router and the software itself is very easy. It will give you a very detailed traffic analysis (a breakdown of protocols used, source and destination address etc. and every percentile you'd need to view in between from an easy to use Web interface).

astorrs

Thanks Ahriakin, I didn't know of any free NetFlow analyzers. I'll have to check it out it would come in handy for situations like these.

gojericho0

Scrutinizer is another free tool that will act as a collector for netflow. This is what I use for my clients

http://www.plixer.com/products/free-netflow.php

astorrs

Nice, thanks Jericho I will check that one out too. I haven't done much in the networking space for the last 3 years so I'm behind the curve on all the free goodies out there.

rakem

netflow.