|
|
|
Finding bandwidth hogs on your network with NetFlow Listener
|
|
Applies to:
|
PacketTrap Perspective
|
|
Finding bandwidth hogs on your network with NetFlow Listener
Once you have configured Perspective properly to fit your environment, alleviating network issues is an easy process. Within minutes you can cross reference data points from Perspective tools and gadgets to get a picture of what is transpiring.
For Example:
1. You receive complaints of slow internet speeds from your colleagues. Assuming your user headcount and application usage has been relatively stable, you now turn to pt360 Tool Suite to isolate the cause of this issue.
2. From your Dashboard, check the Network Interface Chart gadget that is displaying your core router traffic. You notice instantly from the gadget that your network has connectivity. Further you can see that indeed the WAN interface is near capacity at 88% usage. A quick glance at your corporate websites in Open Source web viewer shows that your sites are at least up.
3. Use NetFlow Listener to view specific detail on your core router with respect to Applications, Conversations, Domains, Endpoints (nodes / devices), and Protocols. From this you select Endpoints to view the IP(s) that are using the most bandwidth. Next, sort these by the 'KB' column to see that a specific set of IPs (10.1.100.16, 10.1.100.35 and 10.1.100.77)is taking the majority of the bandwidth.
4. Click on Applications (other) to view port traffic that you do not recognize. This reveals traffic on ports in the 6881-6999 range. Confirm by clicking on Conversations that the IPs you found are using these unauthorized ports. Usage on these ports suggest bittorennt traffic.
5. Re-run Network Discovery on the identified IPs to verify bittorrent client process and / or installed software.
6. Login the your firewall web interface using an Open Source Web Viewer gadget and create deny rules for the 6881-6999 port range.
In just ten minutes time you have identified and solved a critical issue end to end.
|
|
|
|
|