10-06-2009 08:56 AM - edited 03-04-2019 06:16 AM
Hi,
We have been experiencing very slow internet connection problem such that our users find it very difficult to browse legitimate sites and the systems can't download needed updates.
I contacted our Internet service provider and they insisted that the problem is from our end, they said that there is a lot of upload from our network, that probably it may be due to virus activities.
Please how can I monitor flow from individual end systems to determine the ones that are using much bandwidth?
I used the 'ip route-cache flow' in interface configuration mode of my internet router.
But I don't know how to interpret the 'show ip cache flow' or 'show ip cache' outputs or how to export the flow statistics real time to windows where i can monitor it.
Can some one help me with suggestion on how I can monitor the system bandwith usage or how to interpret and use the 'show ip cache flow' output.
Thanks
Tom
10-06-2009 09:18 AM
Hello Tom,
the easier way is to use ip accounting
on internet facing interface use
ip accounting output-packets
wait some minutes and use
sh ip accounting
if you see some hosts having hundreds of flows to different destinations in the internet you have found probable infected PCs
Hope to help
Giuseppe
10-07-2009 07:38 AM
Hi,
Thanks so much for your input, its very helpful.
I was able to view the data flow, ip addresses of sites our end users browse on the internet. I believe this will really help me to check bandwidth.
Is there any means (may be in windows command) that ip addresses can be used to know web addresses?
I'm thinking of how to differentiate sites sending virus or malicious ware from legitimate sites.
Thanks for your help.
Tom
10-06-2009 09:55 AM
How much bandwidth do you have and how many users?
The ip cache flow is for netflow. You can install a free netflow collector from solarwinds on your desktop for short troubleshooting. Or use top-talker configuration to find the top talkers.
Other things to look for are errors on every port between the user and the ISP. Speed/duplex mismatches. Sh ip int (isp interface) and see what the bandwidth usage is at the time users are experiencing the issue.
Do an extended ping from your ISP router to the ISP's router sourced from your serial interface. Ping with a packet size of 1500 to start and repeat 500 times.
Aaron
NonStop Networks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide