06-17-2016 03:40 PM
Community,
Im reaching out to you for your suggestions in this matter. Without Netflow, how can one identify what hosts or flows are saturating a link on Cisco devices that dont support netflow? Solarwinds NPM can tell me a link is being saturated but without the device being netflow capable I have no way of telling whats causing the saturation. Are there any products out there that can do this? Any tips or tricks you know about to identify bandwidth hogs on links (layer 2 and layer 3)? Thanks.
Solved! Go to Solution.
06-20-2016 12:20 PM
I've used the free ntop before. It's pretty good.
You setup a machine with two NICs. Mirror the traffic you want to monitor to one NIC, and you use the other to access it with your web browser.
06-17-2016 11:15 PM
What kind of device is it? Cisco 897 router, Cisco 3650 switch, what?
06-20-2016 12:03 PM
Phil,
Its a 3750x switch. Layer 2 uplink to an AT&T Opti-MAN circuit. Solarwinds NPM can tell me how saturated the link is via bandwidth utilization but i have no way of knowing what devices or traffic flows are causing it.
06-20-2016 12:06 PM
If you are just doing it for a short period, span the MAN port to another port, and plug in a notebook with Wireshark. Leave a big capture running, and then let Wireshark summarise it for you.
06-20-2016 12:10 PM
Phil,
Thanks for the tip. Are there any other more "long term" solutions you recommend? It seems the main option is to set up SPAN for selected interfaces you want to monitor and send the traffic to some 3rd party device or software.
06-20-2016 12:20 PM
I've used the free ntop before. It's pretty good.
You setup a machine with two NICs. Mirror the traffic you want to monitor to one NIC, and you use the other to access it with your web browser.
06-20-2016 05:16 PM
Thanks Phil. Much appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide