Bandwidth usage by protocol
Hi all,
We run a number of bandwidth monitoring tools (namely PRTG) to monitor bandwith utilization going through our switches but I need to understand the bandwidth usage by protocol for a specific server.
The server is running Windows 2003 and I cannot for the life of me get a breakdown of the server's bandwidth utilization on a protocol by protocol basis. Any ideas how i can get this info?
Thanks
Dan.
I suggest using something such as Netflow if your switch/router supports it. This will log the usage, protocol, destination and source for deeper analysis.
i.e. Cisco
Global Conf
(global)ip flow-export IPADDDRESS version 5
Where IP is the IP of the Netflow Monitoring System
Interface Conf
(interface) ip route-cache flow
Required on all interfaces to be monitored.
Some people are mugs...
Last edited by internetod; 5th December 2006 at 12:35 PM. Reason: Adding Commands
The switches are 2950t's so i don't think netflow is going to be possible.
Are there any software tools that will do this for me?
I know Ethereal and Network Monitor Service can analyze data on a packet by packet basis but they seem to lack the ability to display the bandwidth used for a particular protocol.
I guess you're not routing your own network either?
If not, does your provider offer you any tools for monitoring?
Some people are mugs...
The only last option you have if you don't route your own network and your provider can't help is to setup a "monitoring or probe port" and packet watch it - although its not really a good solution as your using up a port and it'll be quite CPU intensive.
Robert Bentley
SynergyWorks Internet - SynergyWorks.co.uk - AS41659
Dedicated Servers - Virtual Servers - Kent Science Park Colocation & Rackspace - IP Transit
T: +44 (0)1622 808 420 / F: +44 (0)1622 808 422 / E: r.bentley [at] synergyworks.co.uk
VAT #: GB 913 4306 53
Sorry my fault for not explaining the problem in full.
Routing is managed by Verizon who provide a tool called "Application Insight" in order for us to see a breakdown of our entire network traffic on a protocol by protocol basis. Application Insight has shown that VPN traffic has increased to be nearly 60% of our entire network utilization over the past couple of months! I have tracked this down to a server but am intrieged to see what is being transferred via the VPN to require so much bandwidth.
Application Insight reports the traffic as being IPSec but the VPN connection is to a perimeter PIX firewall. Beyond this point the traffic is not encrypted by IPSec and it is here that I want to perform the analysis (either on the switch or the server iteself).
Any help or pointers will be much appreciated.
Dan.
That gets rather more complex as far as I am aware, the PIX won't export Netflow data and Highlight from NetEvidence requires Netflow data for its details.
With regard to the traffic, do you have any monitoring of the switch ports that may help identify which swichports traffic level has increased greatly over the past months, and narrow it down to a specific system?
Then maybe actually take a look what that system is doing to generate the traffic.
Steve Wright
DediPower Managed Hosting | Support with Passion
NEWS: Stuart Varrall of Fluid Pixel Wins National DediPower Digital Awards
put an ntop box on a SPAN... that will give you what you want
Goscomb Technologies Limited - www.goscomb.net / AS39326
E: sales@goscomb.net P: +44 (0) 203 129 4400 F: +44 (0) 203 129 4410
Free IPv4/IPv6 Dialup! p: 08456043047 u: dial@goscomb.net.uk p: dial
IP Transit :: Colocation :: Dedicated Servers :: Leased Lines :: DSL
Registered in England and Wales No. 05672987 - VAT Registration No. 853 7954 80
Schumie, i've already narrowed it down to a single box so now i want to analyse its activity.
And i had a horrible feeling someone hugely technical would come along and recommend a unix / linux solution! I'm not too linux savy but if that's the only solution out there then so be it!! Thanks goscombtech.
Before i steam into this are there any other recommendations?
if you want a quick way... http://www.ntop.org/nBox86.html
all done for you as an appliance of sorts, just need to config the switch and plug it in then
Goscomb Technologies Limited - www.goscomb.net / AS39326
E: sales@goscomb.net P: +44 (0) 203 129 4400 F: +44 (0) 203 129 4410
Free IPv4/IPv6 Dialup! p: 08456043047 u: dial@goscomb.net.uk p: dial
IP Transit :: Colocation :: Dedicated Servers :: Leased Lines :: DSL
Registered in England and Wales No. 05672987 - VAT Registration No. 853 7954 80
Or CactiEZ perhaps...doddle to setup
Anthony Bennett - Sales Director Hi-Velocity
Colocation - IP Transit - Interconnects - Leased Lines - SDSL - ADSL- Wholesale DSL
www.hi-velocity.net
I'm actually using Netlimiter at the moment and i seem to have tracked the problem down to SQL traffic. Further investigation has found a DTS package that uploads a 200MB database to our network every few minutes!!
I've actaully used Netlimiter to restrict this traffic and am currently in talks with those responsible as to why so much traffic must be uploaded so frequently
You're recommendations have been taken onboard though, and i will investigate them in time, there's obviously a need for us to be running this kind of analysis on an ongoing basis...
Thanks again
Dan.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
