My organisation is connected to the internet via a 64 k dataline. I use network address translation(NAT) and access list on my router to map internal ip addresses to the outside and give staff access to the internet. The problem is that internet traffic seems to be at pick all the time despite the number of computers accessing the internet. I suspect that some computers are sending traffic continuously to the internet. So, is there a way of detecting which ip addresses or which computers are sending this traffic? Can spam increase the amount of traffic in such magnitude? If so is there a way of blocking spam on the router or which ever? Is there anything I need to take into consideration to control traffic flow on my router interface before it goes out to the internet
the easiest way to find out which IP hosts are sending the traffic is to turn on ip accounting on the (outside) interface facing the Internet. By enabling IP accounting, you can see the number of bytes and packets switched through the Cisco IOS software on a source and destination IP address basis. Keep in mind that only transit IP traffic is measured and only on an outbound basis; traffic generated by the software or terminating in the software is not included in the accounting statistics
To configure ip accounting (assuming that interface serial0 is your outside interface):
To view the ip accounting statistics gathered, use the 'show ip accounting' command.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...