What makes it really easy for me is all the PCs are connected to the data port on a VoIP phone which uses CDP. It's pretty easy to spot unusual sustained activity and then as easy as going to that switch and see what port it's coming from. I have an MRTG graph of all my switches uplink ports. You could use a free tool like wireshark or download a free trial of our LANGuardian, deploys on vmware or say a spare server.įor "one of" situations at a remote site you can turn up IP accounting if you have a Cisco router. WHERE to sniff depends on your network design, but, if the network is pretty centralised, say all the traffic flowing thru a small number of core switchs, with SPAN ports you will easily and immediately get a great visibility. Your traffic can be a great source of information and visibility, into usage, bandwidth, applications deployed and bandwidth used, what users are doing, etc. If you can sniff traffic, say from your managed switch via a SPAN port for example, you will get this detail, the NAMES, files, users, URIs, etc. With Deep Packet Inspection they got to this detail immediately.
#Troubleshot intermapper flows update#
We have a retail customer with lots of sites, closed up for Xmas, opened up again 2 days later, powered on the machines, people screaming the network is slow, we can't take orders, turned out when the machines powered on they ALL started doing a Windows update at the same time and hammered the link. We've seen this before, trying to get to the detail, to find the 'smoking gun' to understand AND prove to somebody what is causing it can be tricky but invaluable. >There have been twice this week that we had 2 different locations experiencing this.
0 kommentar(er)
