WAN utilization

slinuxuzer Member Posts: 665
I have a situation where there is a link between my site and a data center, and this link has hit 100% utilization. What tools can I use to diagnose the cause of this?

Also, on a Cisco switch, how can I set a particular port to broadcast all traffic on that switch out of that port so I can use Ethereal or another sniffer for diagnosis?

Comments

  • astorrs Member Posts: 3,139
    What kind of WAN link is it? (Frame, VPN, MPLS, etc)
  • slinuxuzer Member Posts: 665
  • astorrs Member Posts: 3,139
    Is the router connected to a managed switch on the LAN port? (what kind of router is this anyway?)
  • astorrs Member Posts: 3,139
    astorrs wrote:
    Is the router connected to a managed switch on the LAN port? (what kind of router is this anyway?)
    Let me clarify, this isn't a Catalyst Express 500 is it?
  • slinuxuzer Member Posts: 665
    Yes, Cisco 2950, Cisco 1800 router
  • astorrs Member Posts: 3,139
    Okay that's easy then. Follow this guide to configure SPAN:

    http://www.cisco.com/warp/public/473/41.html#topic5

    Configure your switch to mirror the traffic on your router's switch port (both rx and tx) to a free port and then hook up your laptop (or whatever you have) and start a capture. If you have access to an expert protocol analyzer (if not, Ethereal will do), have it run through the capture to see what the major traffic types are (protocol, ports, etc.) and who the "biggest talkers" are, etc.
  • astorrs Member Posts: 3,139
    Looks like Wireshark (an Ethereal port - well, sort of) can do everything you need (look at Expert Info and Statistics in the documentation).

    http://www.wireshark.org/
  • Ahriakin Member Posts: 1,799
    Or use NetFlow - Wireshark could be used but it'd be like cracking a walnut with a sledgehammer, since the learning curve and work involved in understanding traffic flows from it are relatively high vs. using NetFlow. Adventnet do a free edition of their NetFlow analyzer, http://manageengine.adventnet.com/products/netflow/index.html , that will still monitor 2 interfaces after the 30 day trial is up. Configuration on your router and the software itself is very easy. It will give you a very detailed traffic analysis (a breakdown of protocols used, source and destination address etc. and every percentile you'd need to view in between from an easy to use Web interface).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • astorrs Member Posts: 3,139
    Thanks Ahriakin, I didn't know of any free NetFlow analyzers. I'll have to check it out; it would come in handy for situations like these.
  • gojericho0 Member Posts: 1,059
    Scrutinizer is another free tool that will act as a collector for NetFlow. This is what I use for my clients.

    http://www.plixer.com/products/free-netflow.php
  • astorrs Member Posts: 3,139
    Nice, thanks Jericho, I will check that one out too. I haven't done much in the networking space for the last 3 years so I'm behind the curve on all the free goodies out there. :)
  • rakem Member Posts: 800
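The "biggest talkers" and "major traffic types" breakdown suggested in the thread, worked through on a capture taken from the mirrored port. This is an added example, not code posted by anyone in the thread; it assumes the capture was saved in classic pcap format (not pcapng) from an Ethernet port, and the function names and sample traffic are constructed for illustration.

```python
import struct
from collections import Counter

def top_talkers(pcap: bytes, n: int = 3):
    """Rank source IPs and (protocol, port) pairs by on-wire bytes in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (non-pcapng) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    talkers, services = Counter(), Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # not untagged IPv4 (ARP, STP, 802.1Q, ...)
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        talkers[".".join(map(str, frame[26:30]))] += orig   # orig = length on the wire
        first_fragment = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
        l4 = frame[14 + ihl:14 + ihl + 4]
        if proto in (6, 17) and first_fragment and len(l4) == 4:
            sport, dport = struct.unpack("!HH", l4)
            # Heuristic: treat the lower port number as the service port
            services[("tcp" if proto == 6 else "udp", min(sport, dport))] += orig
    return talkers.most_common(n), services.most_common(n)

def _frame(src, dst, proto, sport, dport, payload_len):
    """Constructed sample frame: Ethernet + IPv4 + ports + zero padding."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (4 + payload_len)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap() -> bytes:
    """Constructed capture using documentation addresses (not real traffic)."""
    frames = ([_frame("192.0.2.10", "198.51.100.5", 6, 51000, 445, 1400)] * 3
              + [_frame("192.0.2.20", "198.51.100.5", 6, 52000, 80, 500)]
              + [_frame("192.0.2.30", "198.51.100.9", 17, 53000, 53, 60)] * 2)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ranking in top_talkers(sample_pcap()):
        print(ranking)
```

Byte counts use the original on-wire length from each record header, so a capture taken with a short snap length still ranks hosts correctly.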