[mrtg] Re: A Philosophical / Procedural Question

Eric Brander Eric_Mailing_List at rednarb.com
Tue Oct 26 14:14:33 MEST 2004 

Tim Holmes wrote:

> Good Morning Folks:
> 
> I have been using MRTG to monitor my switches for about 2 weeks now, and I have what I guess you would call more of procedural or philosophical question (yeah, I know its early in the morning for that!)  :)  
> 
> Occasionally, I am seeing a port or ports on one of the switches (it varies) that are showing a huge spike in traffic.  In some cases its outbound, in others its inbound.  For example I came in and checked stuff this morning, and found one of the ports has been averaging 590 b/s all night (inbound) and 595 b/s Outbound with peaks over 700 b/s
> 
> I walked the wire backwards, and found that this port is connected to my Ghost server, and it has been doing nothing all night long.
> 
> My question, is what next?  Where do I go from here to determine the cause of this traffic, 
> 
> The other day, I had a machine on the core switch that was running an unusual amount of outbound traffic, I turned it off, and the traffic disappeared, but I don't think that's the final solution.  
> 
> The examples above are not typical of my network, but kinda make me wonder.  Any insights that you can provide would be appreciated.  
> 

It may seem obvious but the first thing I'd check is for viruses or 
spyware. Also, throw a sniffer on that port if you can. There's a few 
free packet sniffer programs out there that can do some basic stuff that 
may point you in the right direction. Here's one: 
http://sourceforge.net/projects/showtraf

Something like this could be as simple as the a master browser glitch 
causing your system to freak out and spam requests for browser election. 
If so, there's some browser tools free from MS I think that can help you 
there. Use the sniffer to check for those browser election packets.

Check the event logs on the servers too, something might actually be 
logging something going on.

Another place to look is at the patch cables. A weak cable can cause 
retransmit requests.  Check the errors on the port, it may indicate a 
physical layer problem.

/shrug

HTH,

Eric Brander

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list