Need traffic analysis tools

Discussion in 'Cisco' started by srp336@getcoactive.com, Aug 26, 2005.

  1. Guest

    I've got a router at another location of my company that's been having
    some unexplained activity that I've been asked to investigate. The
    router in question is their border router to their ISP. Throughout the
    night, traffic is pretty much nil except for a period every single
    night from about 4am to 5am, when the inbound traffic suddenly goes to
    about 80% of their bandwidth. This is according to the ISP provided
    stats page which is run on the serial port on the ISP's side.

    I don't really have many formal tools to handle situations like this.
    Usually, I use gathered statistics, ip accounting, and debugging when
    things like this occur in the middle of the day when I'm at my desk.

    What can I use to find out what's going on?

    Thanks!
     
    , Aug 26, 2005
    #1

  2. On 26.08.2005 17:33 wrote

    > I've got a router at another location of my company that's been having
    > some unexplained activity that I've been asked to investigate. The
    > router in question is their border router to their ISP. Throughout the
    > night, traffic is pretty much nil except for a period every single
    > night from about 4am to 5am, when the inbound traffic suddenly goes to
    > about 80% of their bandwidth. This is according to the ISP provided
    > stats page which is run on the serial port on the ISP's side.
    >
    > I don't really have many formal tools to handle situations like this.
    > Usually, I use gathered statistics, ip accounting, and debugging when
    > things like this occur in the middle of the day when I'm at my desk.
    >
    > What can I use to find out what's going on?
    >


    Connect a Linux box to the switch that the Ethernet interface of the
    router is connected to, SPAN [0] it to the Linux interface and run ntopd
    [1] on this interface.



    Arnold
    [0] http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008015c612.shtml
    [1] http://www.ntop.org/
    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Aug 26, 2005
    #2

  3. Dan Daniels Guest

    <> wrote in message
    news:...
    > I've got a router at another location of my company that's been having
    > some unexplained activity that I've been asked to investigate. The
    > router in question is their border router to their ISP. Throughout the
    > night, traffic is pretty much nil except for a period every single
    > night from about 4am to 5am, when the inbound traffic suddenly goes to
    > about 80% of their bandwidth. This is according to the ISP provided
    > stats page which is run on the serial port on the ISP's side.
    >
    > I don't really have many formal tools to handle situations like this.
    > Usually, I use gathered statistics, ip accounting, and debugging when
    > things like this occur in the middle of the day when I'm at my desk.
    >
    > What can I use to find out what's going on?
    >
    > Thanks!
    >


    NetFlow either with or without a tool like nTop.
     
    Dan Daniels, Aug 26, 2005
    #3
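
The "NetFlow without a tool" route suggested above, as an added example that is not part of any post in this thread: a small parser for NetFlow v5 export datagrams that ranks conversations by bytes inside the nightly spike window. It assumes the router exports version 5 and that the window is given in UTC hours; the function names, addresses and sample datagrams are constructed for illustration.

```python
import socket
import struct
from collections import Counter
from datetime import datetime, timezone

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Yield (export_time_utc, src, dst, dst_port, proto, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    when = datetime.fromtimestamp(unix_secs, tz=timezone.utc)
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield when, socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[10], f[13], f[6]

def top_talkers(datagrams, start_hour, end_hour, n=5):
    """Sum octets per (src, dst, dst_port, proto) for exports in [start_hour, end_hour) UTC."""
    totals = Counter()
    for dgram in datagrams:
        for when, src, dst, dport, proto, octets in parse_v5(dgram):
            if start_hour <= when.hour < end_hour:
                totals[(src, dst, dport, proto)] += octets
    return totals.most_common(n)

def build_v5(when, flows):
    """Build a constructed v5 datagram from (src, dst, dst_port, proto, octets) tuples."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0, 1, octets,
                    0, 0, 40000, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, dport, proto, octets in flows)
    return HEADER.pack(5, len(flows), 0, int(when.timestamp()), 0, 0, 0, 0, 0) + body

# Constructed sample exports (documentation addresses) standing in for collector input.
SAMPLE = [
    build_v5(datetime(2005, 8, 26, 4, 10, tzinfo=timezone.utc),
             [("198.51.100.7", "192.0.2.10", 873, 6, 900_000),
              ("203.0.113.9", "192.0.2.25", 25, 6, 4_000)]),
    build_v5(datetime(2005, 8, 26, 4, 40, tzinfo=timezone.utc),
             [("198.51.100.7", "192.0.2.10", 873, 6, 600_000)]),
    build_v5(datetime(2005, 8, 26, 14, 0, tzinfo=timezone.utc),
             [("203.0.113.50", "192.0.2.80", 80, 6, 2_000_000)]),
]
```

Calling `top_talkers(SAMPLE, 4, 5)` ranks the 04:00 to 05:00 conversations by bytes; in real use the datagrams would come from a UDP socket bound to the port the router exports to.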