How to detect unnecessary traffic

My organisation is connected to the internet via a 64 k data line. I use network address translation (NAT) and an access list on my router to map internal IP addresses to the outside and give staff access to the internet. The problem is that internet traffic seems to be at peak all the time despite the number of computers accessing the internet. I suspect that some computers are sending traffic continuously to the internet. So, is there a way of detecting which IP addresses or which computers are sending this traffic? Can spam increase the amount of traffic in such magnitude? If so, is there a way of blocking spam on the router or whichever? Is there anything I need to take into consideration to control traffic flow on my router interface before it goes out to the internet?


Re: How to detect unnecessary traffic

First you have to be realistic: 64 K is barely over 1 56K dialup setup, so if you have more than 1 person accessing this line at a time the pipe is going to be full most of the time and correspondingly slow if you have multiple people accessing at once. I think you probably have done most of what you can with NAT etc. to keep things cleaned up. You might want to make sure you don't have any viruses on your PCs, as a lot of the recent viruses would try to go to a lot of different addresses at the same time, thus flooding even high-speed links. You could try turning on ip route-cache flow on your interfaces and then look at the flows by using the show ip cache flow command and see if anything looks out of the ordinary.
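
Added example, not part of the reply above: a Python script that reads the flow-record lines of show ip cache flow output, totals packets per inside host, and lists hosts that contact many destinations with only a few packets each. The sample output is constructed, and the LAN interface name Et0 and both thresholds are assumptions to adjust for your router.

```python
import re
from collections import defaultdict

# Constructed sample of the flow-record section of `show ip cache flow`
# (documentation/private addresses; Pr, SrcP and DstP are printed in hex).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0           192.168.1.10    Se0           198.51.100.7    06 0C21 0050   420
Se0           198.51.100.7    Et0           192.168.1.10    06 0050 0C21   610
Et0           192.168.1.10    Se0           198.51.100.9    06 0C22 0050    35
Et0           192.168.1.23    Se0           203.0.113.1     06 0D01 01BD     2
Et0           192.168.1.23    Se0           203.0.113.2     06 0D02 01BD     2
Et0           192.168.1.23    Se0           203.0.113.3     06 0D03 01BD     1
Et0           192.168.1.23    Se0           203.0.113.4     06 0D04 01BD     2
Et0           192.168.1.23    Se0           203.0.113.5     06 0D05 01BD     1
Et0           192.168.1.31    Se0           198.51.100.20   11 0401 0035     4
"""

FLOW = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)$"
)

def summarize(text, lan_if="Et0"):
    """Per inside host: flow count, packet total, destinations, dest ports."""
    hosts = defaultdict(lambda: {"flows": 0, "pkts": 0, "dsts": set(), "ports": set()})
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        # Skip headers and summary tables, and flows not entering from the LAN
        if not m or m.group(1) != lan_if:
            continue
        _, src, _, dst, _proto, _sport, dport, pkts = m.groups()
        h = hosts[src]
        h["flows"] += 1
        h["pkts"] += int(pkts)
        h["dsts"].add(dst)
        h["ports"].add(int(dport, 16))  # hex in the router output
    return dict(hosts)

def suspects(hosts, min_dsts=5, max_avg_pkts=3):
    """Hosts reaching many destinations with few packets per flow."""
    return sorted(ip for ip, h in hosts.items()
                  if len(h["dsts"]) >= min_dsts
                  and h["pkts"] / h["flows"] <= max_avg_pkts)

def top_talkers(hosts, n=3):
    """Inside hosts ordered by packets sent, largest first."""
    return sorted(hosts, key=lambda ip: hosts[ip]["pkts"], reverse=True)[:n]
```

The flow cache counts packets, not bytes, in this view, so a host that tops the list by packets is a starting point for a closer look rather than proof of where the bandwidth goes.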

