From owner-freebsd-isp Sun Jan 13 13:39:22 2002 Delivered-To: freebsd-isp@freebsd.org Received: from Thanatos.Shenton.Org (a3.ebbed1.client.atlantech.net [209.190.235.163]) by hub.freebsd.org (Postfix) with SMTP id 4A08637B432 for ; Sun, 13 Jan 2002 13:39:10 -0800 (PST) Received: (qmail 95043 invoked by uid 1000); 13 Jan 2002 21:39:09 -0000 To: freebsd-isp@freebsd.org Subject: Who's saturating outbound link (Cisco 2620, IOS 12.1(1)) From: Chris Shenton Date: 13 Jan 2002 16:39:09 -0500 In-Reply-To: <1241681557.20010725114735@buz.ch> Message-ID: <87g05a2ao2.fsf_-_@thanatos.shenton.org> Lines: 18 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org An ISP I support has FreeBSD servers and a bunch of LAN- and ISDN-connected clients. Its remote so I can't get to it physically. In the past couple days, the 256Kbps link has been totally saturated, MRTG tells me it's outbound traffic. How can I determine which system is causing the traffic? I'm not a Cisco expert, but hoped "show ip accounting" would help, but it only appears to show me *inbound* traffic from all outside addresses to my internal addresses. I need the opposite. Is there some IOS command I'm just not clued into? I'm working with the remote admin to see if I can get a hub put between the router and other ISP gear, then put a FreeBSD box on that so I can use tcpdump or others to sniff the traffic. Until then, I'm blind unless there's some cisco voodoo I can use. Any ideas? Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message