Cisco Support Community
New Member

Need to find out who is generating all the incoming traffic.

I have a 2600 router at a remote location with an E-1 that is constantly getting hammered with traffic. The load is on the incoming side:

txload 7/255, rxload 250/255

How can I tell which device on the inside network is all this traffic going to?

Thanks for any help.

New Member

Re: Need to find out who is generating all the incoming traffic.

Enable NetFlow caching on the router interfaces. You could be hit with a virus on your network. ip route-cache flow on your interfaces will enable it.

Use show ip cache flow to find out statistics.

http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

Check this link.

New Member

Re: Need to find out who is generating all the incoming traffic.

Thanks, I did enable netflow on the serial and the ethernet ports, but I'm not sure about the output. When I do a show ip cache flow, I see things like:

SrcIf SrcIP DstIf

Se0/0:0 12.221.33.195 Null

Any ideas on what this is?

Silver

Re: Need to find out who is generating all the incoming traffic.

SrcIf: Source interface from which the packet flow is coming into the router.

SrcIPaddress: Source IP address of the packet flow

DstIf: Destination interface for the packet flow on the router.

DstIPaddress: Destination IP address of the packet flow.

Pr: IP Protocol Type of the packet flow

SrcP: Source Protocol Number of the packet flow

DstP: Destination Protocol number of the packet flow

Pkts: Number of packets in the flow
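
An added example, not code from any poster in this thread: a short Python parser that takes pasted show ip cache flow output with the columns listed above and totals packets per inside destination for flows arriving on the WAN interface. It assumes the classic IOS layout in which Pr, SrcP and DstP are printed in hexadecimal; the sample rows, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the classic IOS "show ip cache flow" layout
# (documentation addresses; Pr, SrcP and DstP are hexadecimal here).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Se0/0:0       203.0.113.50    Null          192.168.10.44   01 0000 0800     1
Se0/0:0       198.51.100.7    Fa0/0         192.168.10.20   06 0050 0C2A  4210
Se0/0:0       198.51.100.7    Fa0/0         192.168.10.20   06 0050 0C2B  3977
Se0/0:0       203.0.113.9     Fa0/0         192.168.10.31   11 0035 D431    12
Fa0/0         192.168.10.20   Se0/0:0       198.51.100.7    06 0C2A 0050    2K
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW = re.compile(
    rf"^(\S+)\s+({IP})\s+(\S+)\s+({IP})\s+([0-9A-Fa-f]{{2}})\s+"
    rf"([0-9A-Fa-f]{{4}})\s+([0-9A-Fa-f]{{4}})\s+(\d+)([KM]?)\s*$")
# A K/M suffix is accepted in case a large packet count is abbreviated.
SCALE = {"": 1, "K": 1000, "M": 1000000}

def parse_flows(text):
    """Return one dict per flow row; header and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue
        src_if, src_ip, dst_if, dst_ip, pr, sp, dp, n, suffix = m.groups()
        flows.append({"src_if": src_if, "src_ip": src_ip, "dst_if": dst_if,
                      "dst_ip": dst_ip, "proto": int(pr, 16),
                      "src_port": int(sp, 16), "dst_port": int(dp, 16),
                      "pkts": int(n) * SCALE[suffix]})
    return flows

def top_receivers(flows, wan_if, n=5):
    """Inside hosts ranked by packets in forwarded flows entering on wan_if."""
    totals = Counter()
    for f in flows:
        if f["src_if"] == wan_if and f["dst_if"] != "Null":
            totals[f["dst_ip"]] += f["pkts"]
    return totals.most_common(n)

def not_forwarded(flows):
    """Flows whose DstIf is Null, i.e. no output interface was recorded."""
    return [f for f in flows if f["dst_if"] == "Null"]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    for ip, pkts in top_receivers(flows, "Se0/0:0"):
        print(f"{ip:15} {pkts:>8} pkts")
    for f in not_forwarded(flows):
        print("Null:", f["src_ip"], "->", f["dst_ip"], "proto", f["proto"])
```

The flow cache is a point-in-time snapshot, so capture the output a few times during the period of high rxload and compare the rankings.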

New Member

Re: Need to find out who is generating all the incoming traffic.

You could also try installing a network packet sniffer such as Ethereal (www.ethereal.com) and sample the traffic being generated; if you show heavy traffic from one or a few IP sources to specific ports, they could be virus infected.

New Member

Re: Need to find out who is generating all the incoming traffic.

On your interface on the local side of the remote link do an ip accounting output-packets then show ip accounting.

This will list the source and destination and the number of bytes transferred. Obviously this will show which hosts are getting a belting. You'll probably find that a number of hosts are getting large amounts of data compared to other hosts. Check these hosts first for virus or other suspicious activity.
