Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1398
Views
0
Helpful
3
Replies

PROBLEM WITH INTERNET CONNECTION

tomocisco
Level 1
Level 1

‎10-06-2009 08:56 AM - edited ‎03-04-2019 06:16 AM

Hi,

We have been experiencing very slow internet connection problem such that our users find it very difficult to browse legitimate sites and the systems can't download needed updates.

I contacted our Internet service provider and they insisted that the problem is from our end, they said that there is a lot of upload from our network, that probably it may be due to virus activities.

Please how can I monitor flow from individual end systems to determine the ones that are using much bandwidth?

I used the 'ip route-cache flow' in interface configuration mode of my internet router.

But I don't know how to interpret the 'show ip cache flow' or 'show ip cache' outputs or how to export the flow statistics real time to windows where i can monitor it.

Can some one help me with suggestion on how I can monitor the system bandwith usage or how to interpret and use the 'show ip cache flow' output.

Thanks

Tom

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-06-2009 09:18 AM

Hello Tom,

the easier way is to use ip accounting

on internet facing interface use

ip accounting output-packets

wait some minutes and use

sh ip accounting

if you see some hosts having hundreds of flows to different destinations in the internet you have found probable infected PCs

Hope to help

Giuseppe

0 Helpful

tomocisco
Level 1
Level 1
In response to Giuseppe Larosa

‎10-07-2009 07:38 AM

Hi,

Thanks so much for your input, its very helpful.

I was able to view the data flow, ip addresses of sites our end users browse on the internet. I believe this will really help me to check bandwidth.

Is there any means (may be in windows command) that ip addresses can be used to know web addresses?

I'm thinking of how to differentiate sites sending virus or malicious ware from legitimate sites.

Thanks for your help.

Tom

0 Helpful

nsn-amagruder
Level 5
Level 5

‎10-06-2009 09:55 AM

How much bandwidth do you have and how many users?

The ip cache flow is for netflow. You can install a free netflow collector from solarwinds on your desktop for short troubleshooting. Or use top-talker configuration to find the top talkers.

http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/cfg_nflow_top_talk_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1057151

Other things to look for are errors on every port between the user and the ISP. Speed/duplex mismatches. Sh ip int (isp interface) and see what the bandwidth usage is at the time users are experiencing the issue.

Do an extended ping from your ISP router to the ISP's router sourced from your serial interface. Ping with a packet size of 1500 to start and repeat 500 times.

Aaron

NonStop Networks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card