×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Network Packet Monitoring tool

Unanswered Question
Nov 29th, 2005
User Badges:

HI

I have 50 client pc, cisco switch and router. often i face a problem that is large packet generate. manullay i find out which pc generate exceed number of packet. its boring job.

I am looking a best packet monitoring software. by the software i can find out every pc generate type of packet, number of packet and whats reason packet generate .for which reason workstation/pc generate packet.

IF I install the software in my monitoring pc then i can get all information from the workstation pc or any configturation in gateway Cisco switch ? for monitoring.


pls give me the information about the software who are used and get benefit.


thanks


Biplob


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
thisisshanky Wed, 11/30/2005 - 21:09
User Badges:
  • Purple, 4500 points or more

In addition to what Edwin and Rick suggested, "IP route-cache flow" on the interfaces of the router which enables Netflow, to figure out top talkers, as well as protocol level stats (you will need a hex to dec converting calculator, windows calc will do).


If you are looking for a "Nice but Xpensive" solution you can get modules such as NAM (for 6509) and NM-NAM for the routers, which has a built in packet capture tool and an embedded web interface to display the captured output..


HTH


PS: Please remember to rate replies!

Georg Pauwen Wed, 11/30/2005 - 05:14
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 WAN

Hello,


in addition to Edwin´s post, you might want to start out with enabling ´ip accounting´ on your router interfaces. The output will give you source and destination IP address pairs, as well as the number of packets and bytes.

Also, there is a free sniffer available that might be useful, you can download it at:


www.ethereal.com


HTH,


GP

iqbalkhan Sat, 12/03/2005 - 21:25
User Badges:

Hi


Thanks to all. For this software any configure in switch like configure monitor port enable ?


Thanks biplob

desai.jaideep Sun, 12/04/2005 - 22:39
User Badges:
  • Gold, 750 points or more

Hi,


No need.These software will monitor all the packets roaming in ur LAN.

PS:-Even the spanning tree packets and CDP packets will be visible.


Regards


JD

iqbalkhan Mon, 12/05/2005 - 00:00
User Badges:

thanks but my question is my pc where install the software , the network cable connect any port of a switch, then i get all information from the network where pc are connect the switch ?

or connect the monitor port of gateway switch.


thanks

biplob

desai.jaideep Mon, 12/05/2005 - 00:09
User Badges:
  • Gold, 750 points or more

Hi


I am not able to understand what a "Gateway switch" is?Probably give the model no.

The software will listen to the packets in your typically what you call a broadcasting domain.Hence the PC should be connected to a normal port, just like other PCs in your network so that you would be able to "sniff" the packets.Try installing in your workstation PC.


Regards


JD

iqbalkhan Wed, 12/07/2005 - 00:01
User Badges:

Hi


Its a excellent helpful software.i already insatalled and observation it. its provide me which I want.

but i have some question:

it has option

1. protocol, decode, connection, statistics and capture filter.


in protocol option i found 1.frame and ethernet.

i run the software 5 min and shows ethernet 98%.


This protocol and statistic option shows overall network statistic or my pc lancard statistic ?


2. In connection option dispaly always realtime log ?


3.when percantage 100% then capture stop or freeze and when i again start then it work so for 30 min or 1 hour continious observation what i configure ?


for best benefit from this software any suzzation from you in configure level ?.


Thanks

Biplob


desai.jaideep Wed, 12/07/2005 - 06:47
User Badges:
  • Gold, 750 points or more

Hi


Ques 1--> It is overall network statics for your network

Ques 2-->In connection window,the log is always based on the capture.You may refer it as realtime until you are capturing.

Ques 3-->To tell u the truth, I never tried to do 100% capture,b'coz my problems are solved before that,but try maximizing the capture size.The default settings are best suited.


PS:Monitor the decode window, thats where the action is.


Regards


JD

Actions

This Discussion