[nsp] Suggestions on tracking down bandwidth offenders

Skeeve Stevens skeeve at skeeve.org
Wed Jul 14 18:16:52 EDT 2004


We've had a lot of trouble with NBAR in that it cannot deal with fragmented
packets.

On a link we are testing it on users are still able to use peer-to-peer even
though we have the drop QoS statements in there.

...Skeeve

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Earls, Michael
Sent: Thursday, 15 July 2004 6:01 AM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] Suggestions on tracking down bandwidth offenders

You can also run MRTG with NBAR to figure out the protocol that is eating up
your bandwidth. Then you should be able to look at the firewall logs based
on the protocol and time frame.

http://www.vermeer.org/display_doc.php?doc_id=6

-----Original Message-----
From: Noriega, Alejandro [mailto:ANoriega at prima.com.ar]
Sent: Wednesday, July 14, 2004 3:19 PM
To: Tony Mucker; cisco-nsp at puck.nether.net
Subject: RE: [nsp] Suggestions on tracking down bandwidth offenders


You can start to know what kind of traffic is saturating your link.

Interface X
 ip nbar protocol-discovery
 load-interval 60
!
show ip nbar protocol-discovery Stats Byte-R | e 00

Be careful about cpu usage.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Mucker
Sent: Wednesday, July 14, 2004 2:24 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Suggestions on tracking down bandwidth offenders


I've got a bandwidth problem (who doesn't).  Something has been saturating
my poor little T1 for 24 hours straight now.  For those of you curious,
here's what it looks like:

http://www .ghideon.com/router-day.png

Remove the white space and enjoy.  In the past I've used ethereal dumps to
figure out who the big talkers were, but frankly it takes too long to

crunch all the packets.  I've also tried etherApe, but the analysis makes my
poor little laptop crawl.  Are there any tools out there that will speed
this up?  Possibly by looking at the firewall logs?

Thanks
Tony
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


This e-mail transmission contains information that is confidential and may
be privileged.   It is intended only for the addressee(s) named above. If
you receive this e-mail in error, please do not read, copy or disseminate it
in any manner. If you are not the intended recipient, any disclosure,
copying, distribution or use of the contents of this information is
prohibited. Please reply to the message immediately by informing the sender
that the message was misdirected. After replying, please erase it from your
computer system. Your assistance in correcting this error is appreciated.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

========================================================================
 Pain free spam & virus protection by:          www.mailsecurity.net.au
 Forward undetected SPAM to:                   spam at mailsecurity.net.au
========================================================================



More information about the cisco-nsp mailing list