09-09-2003 09:52 AM - edited 03-02-2019 10:13 AM
I have a 2600 router at a remote location with an E-1 that is constantly getting hammered with traffic. The load is on the incoming side:
txload 7/255, rxload 250/255
How can I tell which device on the inside network is all this traffic going to?
Thanks for any help.
09-09-2003 09:57 AM
Enable NetFlow caching on the router interfaces. You could be hit with a virus on your network. ip route-cache flow on your interfaces will enable it.
Use show ip cache flow to find out statistics.
Check this link:
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
09-09-2003 10:52 AM
Thanks, I did enable NetFlow on the serial and the Ethernet ports, but I'm not sure about the output. When I do a show ip cache flow, I see things like:
SrcIf SrcIP DstIf
Se0/0:0 12.221.33.195 Null
Any ideas on what this is?
09-10-2003 03:47 AM
SrcIf: Source interface from which the packet flow is coming into the router.
SrcIPaddress: Source IP address of the packet flow
DstIf: Destination interface for the packet flow on the router.
DstIPaddress: Destination IP address of the packet flow.
Pr: IP Protocol Type of the packet flow
SrcP: Source Protocol Number of the packet flow
DstP: Destination Protocol number of the packet flow
Pkts: Number of packets in the flow
09-10-2003 06:44 AM
You could also try installing a network packet sniffer such as Ethereal (www.ethereal.com) and sample the traffic being generated; if you show heavy traffic from one or a few IP sources to specific ports, they could be virus infected.
09-10-2003 05:04 PM
On your interface on the local side of the remote link, do an ip accounting output-packets, then show ip accounting.
This will list the source and destination and the number of bytes transferred. Obviously this will show which hosts are getting a belting. You'll probably find that a number of hosts are getting large amounts of data compared to other hosts. Check these hosts first for virus or other suspicious activity.
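An added example, not part of the thread or of any poster's reply: a Python script that tallies saved show ip cache flow output to answer the original question (which inside host is receiving the traffic) and to flag sources that fan out to many destinations. The sample rows are constructed, and the eight-column layout with hex Pr/SrcP/DstP values is an assumption about classic IOS output; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the assumed `show ip cache flow` column layout
# (addresses are documentation ranges, not taken from the thread).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Se0/0:0       198.51.100.7    Fa0/0         192.0.2.10      06 0C21 0050  9200
Se0/0:0       198.51.100.9    Fa0/0         192.0.2.10      06 0D02 0050  4100
Se0/0:0       203.0.113.5     Null          192.0.2.77      01 0000 0800     1
Se0/0:0       203.0.113.5     Null          192.0.2.78      01 0000 0800     1
Se0/0:0       203.0.113.5     Null          192.0.2.79      01 0000 0800     1
Fa0/0         192.0.2.10      Se0/0:0       198.51.100.7    06 0050 0C21   300
"""

FLOW = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)$")

def parse_flows(text):
    """Yield one dict per flow line; header and summary lines are skipped."""
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue
        src_if, src, dst_if, dst, pr, sp, dp, pkts = m.groups()
        # Assumption: Pr, SrcP and DstP are printed in hex.
        yield dict(src_if=src_if, src=src, dst_if=dst_if, dst=dst, pkts=int(pkts),
                   pr=int(pr, 16), sp=int(sp, 16), dp=int(dp, 16))

def top_destinations(flows, in_if, n=5):
    """Packets per destination IP for flows that entered on in_if."""
    c = Counter()
    for f in flows:
        if f["src_if"] == in_if:
            c[f["dst"]] += f["pkts"]
    return c.most_common(n)

def fanout_sources(flows, min_dsts=3):
    """Sources sending to many distinct destinations (scan/worm-like pattern)."""
    dsts = defaultdict(set)
    for f in flows:
        dsts[f["src"]].add(f["dst"])
    return {s: len(d) for s, d in dsts.items() if len(d) >= min_dsts}

if __name__ == "__main__":
    flows = list(parse_flows(SAMPLE))
    print(top_destinations(flows, "Se0/0:0"), fanout_sources(flows))
```

Rows whose packet count is not a plain integer are skipped by the pattern, so compare the number of parsed flows with the router's active-flow count before trusting the totals.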