Security Basics mailing list archives
RE: Information on Bandwidth Issues
From: "Kurt" <kurtbuff () spro net>
Date: Mon, 1 Nov 2004 12:25:58 -0800
1) identify your subnets 2) isolate your firewall/router/wan link on a separate subnet - no other machines on it 3) bring up ntop on a machine, and put it on the mirrored ports. That should help characterize what protocols are being (ab)used. Also put ntop in the subnet that contains your firewall/router/wan link, either by mirroring the port on which it resides, or by inserting a true dumb hub to be shared by the ntop machine and firewall/router/wan link. 4) also put up a TCP recorder (tcpdump, ethereal, sniffer, etc.) on your switches (mirroring where necessary), if necessary, and get granular in your analysis. 5) rule out a packet storm because of a bad NIC somewhere with 3)and 4) above, otherwise identify your top talkers, and see if you can put them on the same subnet, or do other things to reduce traffic. | -----Original Message----- | From: Keith Bucknall [mailto:keith.bucknall () zen co uk] | Sent: Sunday, October 31, 2004 14:11 | To: security-basics () securityfocus com | Subject: Information on Bandwidth Issues | | | Dear All, | | IF possible I am looking for some advice on some problems our | users, over | the last 2 weeks our network activity has increased 10 fold, | most of our | applications are running very slow, from email, SQL databases and our | application in particular the ones that use Tarantella Secure | Desktop a RDP | based Terminal Services. WE have recently moved the T/S to | another location | with a 2MB WAN link and I am really looking for some advice | and types of | tools I could use to monitor the traffic from site A to B and | the internal | LAN of site A and B. | | We use all 3com Managed Switches and the link is provided by a managed | service, I thought about running Ethereal but understand as | we uses switches | I would have to mirror a port on each of the 5 switches, is | there a tool I | could install on either site to monitor the traffic, my main | concern is | either with have an increase in RDP traffic or perhaps a | potential problem. | | | | Kind Regards | | | | Keith Bucknall |
Current thread:
- Information on Bandwidth Issues Keith Bucknall (Nov 01)
- RE: Information on Bandwidth Issues Kurt (Nov 01)
- Re: Information on Bandwidth Issues Ghaith Nasrawi (Nov 03)
- RE: Information on Bandwidth Issues Keith Bucknall (Nov 03)
- <Possible follow-ups>
- RE: Information on Bandwidth Issues Keith Bucknall (Nov 01)
- RE: Information on Bandwidth Issues Edgar Zapata (Nov 02)
- RE: Information on Bandwidth Issues Keith Bucknall (Nov 02)
- RE: Information on Bandwidth Issues Burton M. Strauss III (Nov 03)
- RE: Information on Bandwidth Issues Ghaith Nasrawi (Nov 12)
- RE: Information on Bandwidth Issues Edgar Zapata (Nov 02)
- Re: Information on Bandwidth Issues Donald Voss (Nov 02)
- Re: Information on Bandwidth Issues tito.basa (Nov 03)