Greetings, Community. Here's the problem: I have a 3560-2621-and 4 managed Dell 3624s in a stack. The customer is a condo building w/17 floors. There's a switch on every floor but nly 17-14 are managed. The routers and the first stacked switch are on the 17th floor and the other three switches are on the next three floors. The customer is a 10mb customer. My traffic graph shows someone hogging the bandwidth and I need to track him/her down. Any suggestions on the best tool/process to track the bandwidth hog down. Thanks...
Couple of options that I can think of quickly:
1. Grab a packet analyzer like Wireshark, and monitor the uplink to the router.
2. Enable NetFlow on the router. I like enabling the top talkers by bytes as well. Can then get a good snapshot of who is the top talker at that given time.
Of course both of these are only going to give either an IP address or MAC address that tells you which device is causing the issue. Will have to do some hunting to track down the specific device.
For a quick and easy solution I have previously used NTOP. If you can get a machine onto the network and SPAN one of the LAN ports of interest (Usually the connection to the internet or other such uplink) you can run NTOP to sniff and log the traffic. It will give a good amount of detail, top talkers, protocols, flows etc.
It can be set up with NetFlow if you have a NetFlow capable switch and can battle with the Linux version but for a quick deployment if you are a windows person (like me) I just set up with a spanned port and connect this to a second NIC on my monitoring machine.
It is free on windows if you complie yourself http://www.ntop.org/ but UNIX binaries are available if I recall correctly
There was a fully functional pre-compiled Windows version available from http://www.openxtra.co.uk/freestuff/ntop-xtra.php but they seem to have taken it down due to popularity hitting their bandwidth. I probably have a copy somewhere I could track down, but you might be able to find it on a download site somewhere.
Hope that helps