Our office LAN is getting painfully slow. It's likely that something is hogging the bandwidth.
If I were to put a network hub between the ADSL router and the main office switch, presumably I could run something on a PC also connected to that switch which would point me in the direction of the problem?
I'm looking for something fairly simple, that would tell me (eg) which IP address was generating most of the traffic, and perhaps on which ports. Wireshark would probably do what I need but it's not (from what I remember) particularly simple to get simple results from.
Or, is there a better option?
On Wed, Sep 15, 2010 at 09:14:29AM +0100, Mark Rogers wrote:
If I were to put a network hub between the ADSL router and the main office switch, presumably I could run something on a PC also connected to that switch which would point me in the direction of the problem?
Yes, it probably would be a good first step, you could just try running something on a pc that isn't on that hub to be honest as if it's a broadcast storm or similar and not internet traffic you may see it immediately.
I'm looking for something fairly simple, that would tell me (eg) which IP address was generating most of the traffic, and perhaps on which ports. Wireshark would probably do what I need but it's not (from what I remember) particularly simple to get simple results from.
Wireshark is very easy to get results from, just it may contain too much data for you. There's a few good video tutorials showing you how to create filters on their site to help you pinpoint the problem.
Adam
On 15/09/10 09:23, Adam Bower wrote:
Yes, it probably would be a good first step, you could just try running something on a pc that isn't on that hub to be honest as if it's a broadcast storm or similar and not internet traffic you may see it immediately.
In other words, I could do this from my desktop without messing around? Cool. Got to be a good first step.
Wireshark is very easy to get results from, just it may contain too much data for you. There's a few good video tutorials showing you how to create filters on their site to help you pinpoint the problem.
Wireshark is something I should know, so I think this is something I should try. Thanks.
(I just hope there's enough bandwidth left to watch the tutorials!)
On 15/09/10 09:14, Mark Rogers wrote:
Our office LAN is getting painfully slow. It's likely that something is hogging the bandwidth.
If I were to put a network hub between the ADSL router and the main office switch, presumably I could run something on a PC also connected to that switch which would point me in the direction of the problem?
I'm looking for something fairly simple, that would tell me (eg) which IP address was generating most of the traffic, and perhaps on which ports. Wireshark would probably do what I need but it's not (from what I remember) particularly simple to get simple results from.
Or, is there a better option?
"iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?"
I occasionally run that on my OpenWRT router to have a quick look; it's simple and curses-based. If you want to get a lot more complex-but-pretty, look at ntop, which feeds a web interface.
-- Martijn
On 15 Sep 09:14, Mark Rogers wrote:
Our office LAN is getting painfully slow. It's likely that something is hogging the bandwidth.
If I were to put a network hub between the ADSL router and the main office switch, presumably I could run something on a PC also connected to that switch which would point me in the direction of the problem?
I'm looking for something fairly simple, that would tell me (eg) which IP address was generating most of the traffic, and perhaps on which ports. Wireshark would probably do what I need but it's not (from what I remember) particularly simple to get simple results from.
Or, is there a better option?
Throw a linux box with two NICs in between the ADSL router and the office switch, set the two nics to bridge, and get the bridge to get an IP - that way you can talk to the linux box remotely... Now, use ntop or iptraf (actually, iptraf would probably do what you want nicely) on the bridge device and bob's your mother's brother.
Cheers,
On 15/09/10 09:35, Brett Parker wrote:
Throw a linux box with two NICs in between the ADSL router and the office switch, set the two nics to bridge, and get the bridge to get an IP - that way you can talk to the linux box remotely... Now, use ntop or iptraf (actually, iptraf would probably do what you want nicely) on the bridge device and bob's your mother's brother.
I starting thinking about this too. If I'm going to do this, then it makes sense to stick something more permanent in there, eg an IPCop box, which (I assume - haven't looked recently) would give me the tools but also offer some additional features in terms of managing the bandwidth (and I think some kind of Windows Update proxy cache would be a step in the right direction).
Is IPCop a good choice? Untangle? A.N.Other?
-
Adam Bower -
Brett Parker -
Mark Rogers -
Martijn Koster