Announcement

Collapse
No announcement yet.

Need help setting up traffic monitoring

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help setting up traffic monitoring

    Occasionally, someone with start draining all our bandwidth and I'd like to be able to tell who.

    Originally, I was going to set up netflow, but it appears my Cisco 1720 doesn't support it.

    So now I'm looking at port mirroring on my switches. I have a stack of two Super Stacker II 3300XMs. I can find absolutely no documentation stating that these have been configured in any way.

    In my reading, I found I can manage them via a console cable, a web interface or via SNMP. I don't have a console cable, so I can't do either of the first options as you need to use a console cable to setup the web interface. That leaves me with the SNMP route. I downloaded a MIB browser called iReasoning and I have absolutely no idea how to use it. I think I managed to find the bin and MIB files for my switch and load them. I have a menu with a ton of options but really no clue as to what they do. If I double click something, it eventually returns an "SNMP Timeout" message.

    The only way I'm familiar with monitoring traffic is to plop a hub in between the switch and the router with a workstation on it and start sniffing, but I don't have a hub.

    So... does anyone have any idea how I can set up port mirroring on my switches?

    We already have PRTG set up, but it's the free version and really only tells me stuff is going in or coming out.

  • #2
    Re: Need help setting up traffic monitoring

    SNMP would require that the device has an ip address, is configured for SNMP, and that you know what the SNMP community strings are. It looks like you'll have to get a console cable to do the intial configuration. After that you can set up PRTG with a packet sniffer sensor, enable port mirroring/monitoring on the switch, and analyze the traffic. With the PRTG packet sniffing sensor you'll see the type of traffic (http, smtp, etc), the volume of traffic, and the source and destination of the traffic. I use PRTG on my network to give me all this information and I use it to track down bandwidth "hogs".

    Comment


    • #3
      Re: Need help setting up traffic monitoring

      Originally posted by joeqwerty View Post
      SNMP would require that the device has an ip address, is configured for SNMP, and that you know what the SNMP community strings are. It looks like you'll have to get a console cable to do the intial configuration. After that you can set up PRTG with a packet sniffer sensor, enable port mirroring/monitoring on the switch, and analyze the traffic. With the PRTG packet sniffing sensor you'll see the type of traffic (http, smtp, etc), the volume of traffic, and the source and destination of the traffic. I use PRTG on my network to give me all this information and I use it to track down bandwidth "hogs".
      Darn. Does the free version of PRTG report traffic by type and source IP?

      Comment


      • #4
        Re: Need help setting up traffic monitoring

        Yep. I use the free version on a standalone machine connected to my LAN switch and port mirror my router uplink port on the switch to my standalone machine port on the switch. I can see who goes where and when, how much traffic they're passing, what type of traffic it is (http, pop, smtp, etc.), etc.

        The free version allows you to have only a limited number of active sensors (one I think). You can create an unlimited number of sensors but you're limited to how many can be active. I just keep them all paused and resume only the one I need at the moment.

        Comment


        • #5
          Re: Need help setting up traffic monitoring

          So I would just pause the sensor on the router and change it to the sensor on the port switch to the router (or is it to the mirror of the router port switch to which the PC is connected)?

          Originally posted by joeqwerty View Post
          Yep. I use the free version on a standalone machine connected to my LAN switch and port mirror my router uplink port on the switch to my standalone machine port on the switch. I can see who goes where and when, how much traffic they're passing, what type of traffic it is (http, pop, smtp, etc.), etc.

          The free version allows you to have only a limited number of active sensors (one I think). You can create an unlimited number of sensors but you're limited to how many can be active. I just keep them all paused and resume only the one I need at the moment.

          Comment


          • #6
            Re: Need help setting up traffic monitoring

            Nope, you're making it a bit more complicated then it needs to be. You only need one sensor. I was merely telling you that you could have more than one. Here's what to do:

            Install PRTG free edition on a machine connected to the switch, let's say it's connected to port 2 and your router is connected to port 1.

            Create a packet sniffer sensor in PRTG.

            Configure your switch to mirror all packets from port 1 to port 2.

            PRTG now will see all traffic going through port 1, which is all traffic inbound and outbound to and from the internet. The sensor will show source ip address, destination ip address, traffic type, volume, etc.

            Comment


            • #7
              Re: Need help setting up traffic monitoring

              Making things needlessly complicated is the only thing I excel at.
              Originally posted by joeqwerty View Post
              Nope, you're making it a bit more complicated then it needs to be. You only need one sensor. I was merely telling you that you could have more than one. Here's what to do:

              Install PRTG free edition on a machine connected to the switch, let's say it's connected to port 2 and your router is connected to port 1.

              Create a packet sniffer sensor in PRTG.

              Configure your switch to mirror all packets from port 1 to port 2.

              PRTG now will see all traffic going through port 1, which is all traffic inbound and outbound to and from the internet. The sensor will show source ip address, destination ip address, traffic type, volume, etc.

              Comment


              • #8
                Re: Need help setting up traffic monitoring

                LOL. keep us posted as you make progress.

                Comment


                • #9
                  Re: Need help setting up traffic monitoring

                  Mmmmk... I have two serial cables and I found this in the PDF manual:



                  If I don't reply in a few days, assume my switch electricuted me.


                  --Since the switches are connected, will they be configured as one unit? If I unhook them, will they both retain the configuration? If I swap one out, will it copy the configuration?
                  Last edited by Kayden; 26th March 2009, 22:22.

                  Comment


                  • #10
                    Re: Need help setting up traffic monitoring

                    That looks like a serial rs232 null modem cable with some type of handshaking, but I'm no expert.

                    If the switches are configured individually then you should be able to modify/configure each one without affecting the other. If they're stacked that is probably not the case.

                    Comment


                    • #11
                      Re: Need help setting up traffic monitoring

                      I've got the cable done, I'm just some what reticent to plug it in...

                      ***
                      I don't think I'm going to go this route. All the documentation is about 15 years old and all the management apps were written for windows 95...
                      Last edited by Kayden; 30th March 2009, 20:52.

                      Comment

                      Working...
                      X