[nsp] Suggestions on tracking down bandwidth offenders
Tony Mucker
Tony at tonymucker.com
Wed Jul 14 13:46:22 EDT 2004
I'm using a PIX 520, PIXOS 6.3 (sorry, forgot to mention that). I tried
the ip accounting for the output packets, but unfortunately all the
traffic is going to the firewall. Is there anything I can monitor on
the firewall to do this?
joshua sahala wrote:
>On (14/07/04 10:24), Tony Mucker wrote:
>
>
>>I've got a bandwidth problem (who doesn't). Something has been
>>saturating my poor little T1 for 24 hours straight now. For those of
>>you curious, here's what it looks like:
>>
>>http://www .ghideon.com/router-day.png
>>
>>Remove the white space and enjoy. In the past I've used ethereal dumps
>>to figure out who the big talkers were, but frankly it takes too long to
>>crunch all the packets. I've also tried etherApe, but the analysis
>>makes my poor little laptop crawl. Are there any tools out there that
>>will speed this up? Possibly by looking at the firewall logs?
>>
>>
>>
>
>depends on what kind of firewall you have - there are scripts for
>various firewalls, providing you have some sort of accounting turned
>on. for your router you can do some basic accounting too. either
>using netflow or ip accouting. google for top talkers scripts for
>each
>
>/joshua
>
>
More information about the cisco-nsp
mailing list