How to LOG the incoming and outgoing HTTP request ?

Answered Question
Dec 13th, 2010

Hello,

I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.

I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.

I would like to see what is causing this ?!?

DEBUG ? LOG ?

Any help is welcome

Best Regards,

Didier

I have this problem too.
0 votes
Correct Answer by Atif Awan about 3 years 4 months ago

Didier1966 wrote:

Hello,

I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.

I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.

I would like to see what is causing this ?!?

DEBUG ? LOG ?

Any help is welcome

Best Regards,

Didier

Have you considered turning on Netflow on the 1841 and looking at the top hosts from a traffic perspective? This will not only identify the top hosts but also the protocols in use. What it will not be able to tell you is that whether it is genuine HTTP traffic or some peer-to-peer application hiding itself behind port 80. If you need that level of visibility you can consider NBAR with appropriate PDLMs.

Atif

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Correct Answer
Atif Awan Mon, 12/13/2010 - 21:21

Didier1966 wrote:

Hello,

I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.

I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.

I would like to see what is causing this ?!?

DEBUG ? LOG ?

Any help is welcome

Best Regards,

Didier

Have you considered turning on Netflow on the 1841 and looking at the top hosts from a traffic perspective? This will not only identify the top hosts but also the protocols in use. What it will not be able to tell you is that whether it is genuine HTTP traffic or some peer-to-peer application hiding itself behind port 80. If you need that level of visibility you can consider NBAR with appropriate PDLMs.

Atif

Didier1966 Tue, 12/14/2010 - 15:10

Hello Atif,

Thank you for this really good information

I am actually reading all the white pages and when I understand it I will implement it.

Thanks Again.

Best Regards,

Didier

Actions

Login or Register to take actions

This Discussion

Posted December 13, 2010 at 2:55 PM
Stats:
Replies:2 Avg. Rating:5
Views:441 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard