• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Traffic monitor with switched network

C

csinnott

Junior Member
I need to monitor the traffic on my local network. We have about 20 Computers connected to a Netgear FS700TS switch. There has been an excessive amount of network traffic to the internet from one of the computers, but i don't know which one. I'd like to setup a solution where I can monitor the traffic to see where it is coming from.

I have enabled Port Mirroring on the switch, between the router and another computer.
(port 48 is connected to the router, and I am mirroring that port to port 46) I've connected a computer to port 46, but I lose all connection to the network. What am I doing wrong here?

Also, what program would you recommend to view the traffic. I'm looking for real-time monitoring, and am not interested in capturing the packets so I don't think wireshark is needed.

Thanks for any help you can provide.
 
Originally posted by: csinnott
I need to monitor the traffic on my local network. We have about 20 Computers connected to a Netgear FS700TS switch. There has been an excessive amount of network traffic to the internet from one of the computers, but i don't know which one. I'd like to setup a solution where I can monitor the traffic to see where it is coming from.

I have enabled Port Mirroring on the switch, between the router and another computer.
(port 48 is connected to the router, and I am mirroring that port to port 46) I've connected a computer to port 46, but I lose all connection to the network. What am I doing wrong here?

Also, what program would you recommend to view the traffic. I'm looking for real-time monitoring, and am not interested in capturing the packets so I don't think wireshark is needed.

Thanks for any help you can provide.
Click to expand...

The mirrored post can't be used as a regular port, your monitoring system should have two ports. One connected normally to your switch, the second connnected to the span port. You then monitor the span port.

Etheral or any number of other tools should work fine for you.

Bill
 
There should be an option on the mirror port to allow ingress traffic (allow traffic into the port)

ethereal/wireshark would be fine as it will track all the conversations/bytes per IP or per layer4 conversation.
 
ntop

should be able to just install a decent version from apt in Debian or Ubuntu. The only thing is making sure it's sniffing on the correct interface.

Like someone said above, use 2 interfaces, one for management, one for sniffing.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top