unwanted traffic in my fast ethernet

rajesh_colt · ‎01-16-2007

hi,

In my routers ethernet interface, that is my default gateway of my main network..lot of incoming traffic is comming at non peak hours that is originating from my internal network itself. i found this issue through MRTG. how will I identify which of my devices or system is generating unwanted traffic...I doubt it is a virus issue..pls help me giving a solution to find out which devices are originating this traffic.

David Stanford · ‎01-16-2007

You might want to first determine what type of traffic this high volume traffic is.

You could this with something like a Network Analysis Module, if you have one in a switch/router, or with a switch probe.

You can use a data/packet capture then to determine where it may be coming from.

vijayasankar · ‎01-17-2007

Hi,

You can also enable "ip accounting" on the router's ethernet interfaces.

The IP accounting command records the number of bytes (IP header and data) and packets switched through the system on a source and destination IP address basis.

You can use the command "show ip accounting" to examine the statistics gathered.

Please note that ip accounting is cpu intensive, hence once the purpose is over, remove the "ip accounting" from the configuration.

Hope this helps.

-VJ

rajesh_colt · ‎01-17-2007

hi,

vijay ,

really this helped me ....thanks a lot....before that i have enabled ip route-cache flow in the interface....

ip accounting is a good and easy to understand....great help.....

vijayasankar · ‎01-17-2007

Hi Rajesh,

Glad that the issue is resolved. Thanks for reverting back on the status.

Kindly rate the post, if it was helpful.

-VJ