Solarwinds detected a high XMIT % utilization for Serial 0/0/0, more than 90%, in one of our switches. Is there a way to find out who is pulling that amount of data? Like which IP address is consuming it, etc?
Thank you
Use NTA to display the users of the flows through that Interface. NTA will show you the source & destination IP addresses of the flow, and even show you what kinds of packets make up those conversations.
NTA uses NetFlow, and allows you to drill quite deeply down into the packet flow to see what percentage of traffic is coming to / going from each source or destination.
If you don't have NTA, you can use net flow (solarwinds has a free net flow analyzer).
(trying to remember off the top of my head)
If you just want to figure it out for this one instance, you can use the free dealio... send the net flow data to a laptop and see what's going on. But for a more robust /permanent solution, NTA is the way to go. There are others, but I might get booted for talking about AOTSWP (anything other than solarwinds products).
NetFlow
Flowalyzer
If any of the answers are correct, please mark the first one correct, so we can receive credit for helping you out & answering. If none are correct, please ask for more help, and we'll do our best to get you the information you need.
I had a very frustrated customer call the other day about their Network Performance. I'd never used NTA before, and had a pop. It's awesome! It's possible to drill down to a point where you can find out the heavy users by machine, and even which specific aspects of their activity are causing the heavy usage by delving into protocol specific data, or viewing their top endpoints.
I managed to pinpoint one specific user using 80%+ of their traffic, and even show that the majority of bandwidth was going on Web Browsing/streaming (obviously ) and iTunes, as well as their usual Remote Services.
It's a tool I'll be making sure our team are familiar with for the next time.
Excellent! I've used it many times to identify causes of slow performance due to someone or some application taking all or most of a WAN pipe's bandwidth. I'm glad NTA is useful to you and your organization.
