08-23-2010 11:47 AM
We're experiencing a "slow" network report on one of our field sites. Using SNMP/MRTG I did confirm that the link is being saturated.
Now I'd like to analyze what might be causing the traffic spike. Unfortunately my router doesn't support NetFlow. So I used a SPAN port and captured a few minutes' worth of traffic. Now that I've got my .cap file, how do I analyze it? I have Wireshark, which shows me all the packets. But I'd like a summary that tells me:
- Protocol breakdown. What protocols are using what percentage of the bandwidth.
- Top talkers. What IPs are using the most bandwidth.
I can't seem to find that in Wireshark. Any other open-source tools I could use to analyze my capture file?
Thanks
08-23-2010 11:58 AM
Wireshark:
Protocol breakdown: Statistics\Protocol Hierarchy
Top talkers: Statistics\End Points\IPv4 - sort by Bytes column
V
08-23-2010 12:09 PM
Thanks. Top Talkers works as I expected, so thanks for that!
But for the protocol breakdown, the report seems a little odd. It shows me 49.24% of the traffic is data, but then doesn't really break it down beyond that (nothing adds up to the full 100% of TCP). See attachment. Thanks!
08-23-2010 12:27 PM
HELP says that it is taken by protocol overhead....
V
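The two summaries asked for in this thread (bytes per protocol and top talkers) can also be computed straight from the capture file. The script below is an added example, not part of the original posts: it assumes a classic libpcap file with Ethernet framing, and the function names and the embedded sample capture are constructed for illustration.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic libpcap only

def summarize_pcap(data):
    """Return (bytes per IP protocol, bytes per IPv4 endpoint) as Counters."""
    endian = MAGIC.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    protos, talkers = Counter(), Counter()
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20) with EtherType 0x0800;
        # VLAN-tagged and IPv6 frames land in "non-IPv4" in this example.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            protos["non-IPv4"] += orig_len
            continue
        proto = PROTO_NAMES.get(frame[23], f"ip-proto-{frame[23]}")
        protos[proto] += orig_len  # orig_len = size on the wire, even if truncated
        for addr in (frame[26:30], frame[30:34]):  # source, then destination
            talkers[".".join(map(str, addr))] += orig_len
    return protos, talkers

def report(counter, total, top=5):
    """Rows of (name, bytes, percent of all captured wire bytes), largest first."""
    return [(k, v, round(100 * v / total, 1)) for k, v in counter.most_common(top)]

def _frame(src, dst, proto, wire_len):
    """Constructed sample frame: Ethernet + IPv4 header, zero-padded to wire_len."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, wire_len - 14, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    body = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(wire_len, b"\x00")
    return struct.pack("<IIII", 0, 0, len(body), wire_len) + body

# Constructed capture: two 1500-byte TCP frames and one 100-byte UDP frame.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame("10.0.0.5", "192.0.2.10", 6, 1500) * 2
          + _frame("10.0.0.9", "192.0.2.53", 17, 100))

if __name__ == "__main__":
    protos, talkers = summarize_pcap(SAMPLE)
    total = sum(protos.values())
    print("protocols:", report(protos, total))
    print("talkers:  ", report(talkers, total))
```

Each endpoint is credited with bytes it sent and received, so the talker percentages are shares of total wire bytes and do not sum to 100.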