How to detect unnecessary traffic from computers

dmalamba
Level 1

My organisation is connected to the internet via a 64 k dataline. I use network address translation (NAT) and an access list on my router to map internal IP addresses to the outside and give staff access to the internet. The problem is that internet traffic seems to be at peak all the time despite the number of computers accessing the internet. I suspect that some computers are sending traffic continuously to the internet. So, is there a way of detecting which IP addresses or which computers are sending this traffic? Can spam increase the amount of traffic in such magnitude? If so, is there a way of blocking spam on the router or whichever? Is there anything I need to take into consideration to control traffic flow on my router interface before it goes out to the internet?

3 Replies

d.vasilev
Level 1

You can use technologies like Netflow and NBAR to collect statistics about the traffic passed by an interface. Yes, spam can increase the amount of traffic and you cannot block it on your router. Use third party antispam software. You can use rate-limit on different classes of traffic to control the bandwidth on your interface. I think you can read a configuration guide about the router you have and build the configuration that will satisfy all your needs.

rgrcommo
Level 1

The problem is that internet traffic seems to be at peak all the time despite the number of computers accessing the internet. I suspect that some computers are sending traffic continuously to the internet. So, is there a way of detecting which IP addresses or which computers are sending this traffic?

Yes:

r1#show ip nat translations

will show you contents of the translation table and you will be able to see the RFC 1918 addr.

-Set up an access-list to see the traffic that way.

-Set up a syslog server and point the router to it to monitor logs

-Set up CBAC on the router also.

Can spam increase the amount of traffic in such magnitude?

Yes:

Setup CBAC to fine to this. SMTP only

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c5.html

also use access-lists.

If so is there a way of blocking spam on the router or which ever?

Not that I know of. If it is coming from a certain IP then use an ACL, but you have to control that on your mail server or put software on the hosts.

Is there anything I need to take into consideration to control traffic flow on my router interface before it goes out to the internet.

Yes:

Network Ingress Filtering

http://www.faqs.org/rfcs/rfc2827.html

also add CBAC to the router

Adding the above would be the minimum.

Jeff

almetcousins
Level 1

Hi

If your router IOS doesn't support CBAC, you can also monitor your in/out interface traffic by enabling flow fast-switching cache. After doing that you can see all IP traffic flows by issuing the sh ip cache flow command. The only thing is that the TCP ports will be given in hex, so you'll have to convert them to dec. Once you know who is passing traffic you can apply ACLs.

Hope this helps
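The hex-to-decimal step mentioned in the reply above, as an added example that is not part of the original thread: a Python script that parses flow records in the `show ip cache flow` column layout, converts the protocol and port fields from hex, and totals packets per inside host and destination port. The sample records, addresses and interface names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `show ip cache flow` flow records (not from the thread).
# The router prints Pr, SrcP and DstP in hexadecimal.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0           192.168.1.10    Se0           203.0.113.5     06 0429 0019   312
Et0           192.168.1.10    Se0           203.0.113.9     06 042A 0019   287
Et0           192.168.1.23    Se0           198.51.100.7    06 0C1F 0050    14
Et0           192.168.1.10    Se0           203.0.113.77    06 042B 0019   301
Et0           192.168.1.40    Se0           198.51.100.53   11 0401 0035     3
"""

# One flow record: interfaces, dotted-quad addresses, hex proto/ports, packets.
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<proto>[0-9A-Fa-f]{2})\s+(?P<sport>[0-9A-Fa-f]{4})\s+"
    r"(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+[KM]?)\s*$"
)

def parse_flows(text):
    """Return one dict per flow record, with hex fields converted to decimal."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # header, summary tables and blank lines are skipped
        pkts = m["pkts"]
        mult = {"K": 1000, "M": 1000000}.get(pkts[-1], 1)  # abbreviated counts
        flows.append({
            "src": m["src"], "dst": m["dst"],
            "proto": int(m["proto"], 16),   # 06 -> 6 (TCP), 11 -> 17 (UDP)
            "sport": int(m["sport"], 16), "dport": int(m["dport"], 16),
            "pkts": int(pkts.rstrip("KM")) * mult,
        })
    return flows

def top_talkers(flows):
    """Packets per (inside source IP, protocol, destination port), busiest first."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["proto"], f["dport"])] += f["pkts"]
    return totals.most_common()

if __name__ == "__main__":
    for (src, proto, dport), pkts in top_talkers(parse_flows(SAMPLE)):
        print(f"{src:<15} proto={proto:<3} dport={dport:<5} pkts={pkts}")
```

In the constructed sample, one inside host opening many TCP flows to destination port 25 (hex 0019) stands out at the top of the list, which is the kind of host the thread is trying to identify before applying an ACL.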
