I have 50 client pc, cisco switch and router. often i face a problem that is large packet generate. manullay i find out which pc generate exceed number of packet. its boring job.
I am looking a best packet monitoring software. by the software i can find out every pc generate type of packet, number of packet and whats reason packet generate .for which reason workstation/pc generate packet.
IF I install the software in my monitoring pc then i can get all information from the workstation pc or any configturation in gateway Cisco switch ? for monitoring.
pls give me the information about the software who are used and get benefit.
I would suggest to check something inline with VSAPN or RSPAN so that you can connect ur montiroing pc to any of the ports and start collecting the datas about the traffic flow over the vlans or the switch ports.
In addition to what Edwin and Rick suggested, "IP route-cache flow" on the interfaces of the router which enables Netflow, to figure out top talkers, as well as protocol level stats (you will need a hex to dec converting calculator, windows calc will do).
If you are looking for a "Nice but Xpensive" solution you can get modules such as NAM (for 6509) and NM-NAM for the routers, which has a built in packet capture tool and an embedded web interface to display the captured output..
PS: Please remember to rate replies!
in addition to Edwin´s post, you might want to start out with enabling ´ip accounting´ on your router interfaces. The output will give you source and destination IP address pairs, as well as the number of packets and bytes.
Also, there is a free sniffer available that might be useful, you can download it at:
No need.These software will monitor all the packets roaming in ur LAN.
PS:-Even the spanning tree packets and CDP packets will be visible.
thanks but my question is my pc where install the software , the network cable connect any port of a switch, then i get all information from the network where pc are connect the switch ?
or connect the monitor port of gateway switch.
I am not able to understand what a "Gateway switch" is?Probably give the model no.
The software will listen to the packets in your typically what you call a broadcasting domain.Hence the PC should be connected to a normal port, just like other PCs in your network so that you would be able to "sniff" the packets.Try installing in your workstation PC.
Its a excellent helpful software.i already insatalled and observation it. its provide me which I want.
but i have some question:
it has option
1. protocol, decode, connection, statistics and capture filter.
in protocol option i found 1.frame and ethernet.
i run the software 5 min and shows ethernet 98%.
This protocol and statistic option shows overall network statistic or my pc lancard statistic ?
2. In connection option dispaly always realtime log ?
3.when percantage 100% then capture stop or freeze and when i again start then it work so for 30 min or 1 hour continious observation what i configure ?
for best benefit from this software any suzzation from you in configure level ?.
Ques 1--> It is overall network statics for your network
Ques 2-->In connection window,the log is always based on the capture.You may refer it as realtime until you are capturing.
Ques 3-->To tell u the truth, I never tried to do 100% capture,b'coz my problems are solved before that,but try maximizing the capture size.The default settings are best suited.
PS:Monitor the decode window, thats where the action is.