[Semibug] Diagnosing a saturated network.

Andrew Ruscica andrew at ruscica.com
Thu Jan 12 14:11:59 EST 2017


A little late to the responses, but what you may want on your FreeBSD box
(if it is forwarding all packets) is ntop - it will show the bandwidth hogs
real time graphically.  I use the pfSense ntop package at most of my sites.
pfSense will also show real time bandwidth non-graphically in its base
configuration without ntop.

Andrew Ruscica
519.919.2650


On Thu, Jan 12, 2017 at 2:04 PM, Jeremy Gransden <jeremy.gransden at gmail.com>
wrote:

> Thank you all for the responses. I am currently reading through the
> Practical Packet Analysis book and playing with wireshark. It is
> showing me a wealth of information. It seems to be more of a "look at
> what happened before", more so than a "look at what is happening now"
> kind of thing though I am only about half way through it. I am dumping
> with tcpdump and looking at the .pcap file with wireshark.
>
> My eventual goal is to do as Mike has suggested. But for the time
> being I am stuck with what is working (sorta).
>
> thanks again for the pointers, I owe you guys a beer next time I can
> make it to a meeting.
>
> thanks,
> jeremy
>
> On Wed, Jan 11, 2017 at 1:00 PM, Mike Wayne <semibug15 at wayne47.com> wrote:
> > On Wed, Jan 11, 2017 at 12:07:25PM -0500, Jeremy Gransden wrote:
> >> I have a network of 8 pcs and several phones all connected to the
> >> Internet and our other locations via a single T1 line.
> >
> > Not sure of your options here but consider dropping in a broadband
> > (cable?) connection at each location and creating VPNs between
> > them all. You'll keep security, possibly save money and get
> > more bandwidth. Plus each location gets fast general Internet.
> > Assuming you are running VOIP phones, this should all work fine.
> >
> >> How would I find out what host is using the most bandwidth at the
> >> FreeBSD bridge?
> >
> > For monitoring, I would start by installing mrtg and configure it
> > to watch the traffic on each switch port as well as the T1. That'll
> > get you started and give you a better idea of what bandwidth looks
> > like on your network.
> >
> > Then, you can install nagios to watch the mrtg data and bitch when
> > traffic exceeds certain levels. Note that you can do all sorts of
> > creative things here like:
> >    (T1 bandwidth > 1,400,000 bps) && (switch port > 750,000 bps)
> >    [T1 is 90% used and user is using > 50% of max bandwidth]
> >
> > More involved: write dummynet rules to limit bandwidth to each IP
> > address which would automatically deal with the problem. Dummynet
> > would also permit you to monitor traffic to IP address, port, etc.
> >
> > _______________________________________________
> > Semibug mailing list
> > Semibug at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/semibug
>
>
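
An added example, not part of the original thread or any poster's code: a way to answer "which host is using the most bandwidth" from the tcpdump capture mentioned above, by summing on-the-wire bytes per LAN host straight from a classic .pcap file. The LAN prefix `10.0.0.0/24`, the function names and the embedded sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def top_talkers(pcap_bytes, lan="10.0.0.0/24"):
    """Sum wire bytes sent or received by each LAN host in a classic pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    net = ipaddress.ip_network(lan)  # assumed LAN prefix, adjust to the site
    totals = Counter()
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack(
            endian + "II", pcap_bytes[offset + 8:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        ip_off = 14
        ethertype = frame[12:14]
        if ethertype == b"\x81\x00":  # skip one 802.1Q VLAN tag
            ethertype, ip_off = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < ip_off + 20:
            continue  # not IPv4, or IP header cut off by the snaplen
        for raw in (frame[ip_off + 12:ip_off + 16], frame[ip_off + 16:ip_off + 20]):
            host = ipaddress.ip_address(raw)
            if host in net:
                # orig_len is the wire size even when tcpdump truncated the frame
                totals[str(host)] += orig_len
    return totals

def sample_pcap():
    """Constructed capture (not real traffic): headers only, as with a small snaplen."""
    def record(src, dst, wire_len):
        ip = (bytes([0x45, 0]) + struct.pack("!H", wire_len - 14) + bytes(4)
              + bytes([64, 6, 0, 0]) + bytes(src) + bytes(dst))
        data = bytes(12) + b"\x08\x00" + ip
        return struct.pack("<IIII", 0, 0, len(data), wire_len) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record([10, 0, 0, 5], [192, 0, 2, 1], 1500)
            + record([192, 0, 2, 1], [10, 0, 0, 5], 1500)
            + record([10, 0, 0, 9], [192, 0, 2, 1], 400))

if __name__ == "__main__":
    for host, nbytes in top_talkers(sample_pcap()).most_common():
        print(f"{host:15} {nbytes} bytes")
```

To run it against a real capture, pass the file's contents, for example `top_talkers(open("dump.pcap", "rb").read(), lan="192.168.1.0/24")`, where both the file name and the prefix are placeholders.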

