How to LOG the incoming and outgoing HTTP request ?

Answered Question
Dec 13th, 2010
User Badges:

Hello,


I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.


I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.


I would like to see what is causing this ?!?


DEBUG ? LOG ?


Any help is welcome


Best Regards,

Didier

Correct Answer by Atif Awan about 6 years 6 months ago

Didier1966 wrote:


Hello,


I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.


I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.


I would like to see what is causing this ?!?


DEBUG ? LOG ?


Any help is welcome


Best Regards,

Didier


Have you considered turning on Netflow on the 1841 and looking at the top hosts from a traffic perspective? This will not only identify the top hosts but also the protocols in use. What it will not be able to tell you is that whether it is genuine HTTP traffic or some peer-to-peer application hiding itself behind port 80. If you need that level of visibility you can consider NBAR with appropriate PDLMs.



Atif

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Atif Awan Mon, 12/13/2010 - 21:21
User Badges:
  • Cisco Employee,

Didier1966 wrote:


Hello,


I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.


I have put a small router (CISCO WRT 610N) and it was the same.

When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.


I would like to see what is causing this ?!?


DEBUG ? LOG ?


Any help is welcome


Best Regards,

Didier


Have you considered turning on Netflow on the 1841 and looking at the top hosts from a traffic perspective? This will not only identify the top hosts but also the protocols in use. What it will not be able to tell you is that whether it is genuine HTTP traffic or some peer-to-peer application hiding itself behind port 80. If you need that level of visibility you can consider NBAR with appropriate PDLMs.



Atif

Didier1966 Tue, 12/14/2010 - 15:10
User Badges:

Hello Atif,


Thank you for this really good information


I am actually reading all the white pages and when I understand it I will implement it.


Thanks Again.


Best Regards,

Didier

Actions

This Discussion