Security Basics mailing list archives

Re: Information on Bandwidth Issues


From: Donald Voss <voss () albany edu>
Date: Tue, 02 Nov 2004 05:22:27 -0500

Keith,

If I am following this correctly - might not getting an input - output data use profile from your managed ISP be a first useful step?

It would show you if the traffic load in question is going out or coming in vs internal load only. It might show you who/what is going out/in - thus a compromised machine or two.

Also - this is down and dirty - but if you know the lay of your LAN -- you could stay late and set up a crude binary search .. drop a switch .. simple test to another machine .. drop another .. see if you could isolate a bad spot .. performance jumps up .. plug switch back in .. performance goes down .. it's over there .. kind of thing. If nothing changes and your ISP shows you the link traffic is "the same as usual" .. then .. turn off the SQL app and the TS sessions .. or one at a time .. see if there is a jump. This will take some planning/late time but might be a quick hunt gross find option before you get some sort of IDS / scan info.

/don


Keith Bucknall wrote:
Chuck

Thanks for the information. I have not done anything as of yet as I do not
know the best approach to take.  My boss just puts it down to Large Emails
and our T/S applications always printing.

I would like an IDS but we do not have anything as of yet, we have 3com 4250
switches and 2950 (I think!) GIG switches do you know how I could configure
a single port on each that would mirror all the traffic.....

Our main SQL database is a custom app written by 3rd party but we have over
150 T/S sessions using it

Keith


-----Original Message-----
From: Charles mckee [mailto:chuck619 () gmail com]
Sent: 01 November 2004 22:10
To: keith.bucknall () zen co uk
Subject: Re: Information on Bandwidth Issues

I personally would use MRTG.

You can find that package at www.mrtg.org

Have you started doing any type of forensics on your network?

Do you have any type of IDS on my network?

With your SQL database server, have you looked to see what
application(s) are doing huge amount of calls?

Yours
Chuck

On Sun, 31 Oct 2004 22:11:05 -0000, Keith Bucknall
<keith.bucknall () zen co uk> wrote:

Dear All,

If possible I am looking for some advice on some problems our users, over
the last 2 weeks our network activity has increased 10 fold, most of our
applications are running very slow, from email, SQL databases and our
application in particular the ones that use Tarantella Secure Desktop a RDP
based Terminal Services.  We have recently moved the T/S to another location
with a 2MB WAN link and I am really looking for some advice and types of
tools I could use to monitor the traffic from site A to B and the internal
LAN of site A and B.

We use all 3com Managed Switches and the link is provided by a managed
service, I thought about running Ethereal but understand as we use switches
I would have to mirror a port on each of the 5 switches, is there a tool I
could install on either site to monitor the traffic, my main concern is
either we have an increase in RDP traffic or perhaps a potential problem.

Kind Regards


Keith Bucknall





--

______________________________________________________________
Donald W. Voss                              voss () albany edu
Sr.Systems Analyst
AS218 Geography Department
The University at Albany
Albany, NY, USA 12222

1 kilometer = 11,248.593925759280089988751406074 cups of coffee.

