[Semibug] Diagnosing a saturated network.

Jeremy Gransden jeremy.gransden at gmail.com
Thu Jan 12 14:04:23 EST 2017

Thank you all for the responses. I am currently reading through the
Practical Packet Analysis book and playing with wireshark. It is
showing me a wealth of information. It seems to be more of a "look at
what happened before", more so than a "look at what is happening now"
kind of thing though I am only about half way through it. I am dumping
with tcpdump and looking at the .pcap file with wireshark.

My eventual goal is to do as Mike has suggested. But for the time
being I am stuck with what is working (sorta).

thanks again for the pointers, I owe you guys a beer next time i can
make it to a meeting.


On Wed, Jan 11, 2017 at 1:00 PM, Mike Wayne <semibug15 at wayne47.com> wrote:
> On Wed, Jan 11, 2017 at 12:07:25PM -0500, Jeremy Gransden wrote:
>> I have a network of 8 pcs and several phones all connected to the
>> Internet and our other locations via a single T1 line.
> Not sure of your options here but consider dropping in a broadband
> (cable?) connection at each location and creating VPNs between
> them all. You'll keep security, possibly save money and get
> more bandwidth. Plus each location gets fast general Internet.
> Assuming you are running VOIP phones, this should all work fine.
>> How would i find out what host is using the most bandwidth at the
>> FreeBSD bridge?
> For monitoring, I would start by installing mrtg and configure it
> to watch the traffic on each switch port as well as the T1. That'll
> get you started and give you a better idea of what bandwidth looks
> like on your network.
> Then, you can install nagios to watch the mrtg data and bitch when
> traffic exceeds certain levels. Note that you can do all sorts of
> creative things here like:
>    (T1 bandwidth > 1,400,000 bps) && (switch port > 750,000 bps)        [T1 is 90% used and user is using > 50% of max bandwidth]
> More involved: write dummynet rules to limit bandwidth to each IP
> address which would automatically deal with the problem. Dummynet
> would also permit you to monitor traffic to IP address, port, etc.
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/semibug

More information about the Semibug mailing list