Given the low cost and feature-rich networking equipment available today, it’s easy for bandwidth hogs to quietly operate in the background. Most corporate networks have plenty of bandwidth and lots of additional features, like traffic shaping, that significantly reduce the impact of bandwidth hogs. But they can certainly still be a problem, especially on slower, remote office networks, or wireless networks. And problems can be aggravated when “hogging events” occur, like video streaming of live, popular events, which bring even casual bandwidth hogs out of the closet. With WildPackets Compass dashboard, you can easily navigate your way through the network to find exactly who the bandwidth hog(s) is and what he or she is doing to suck up so much bandwidth.
Identifying Spikes in Network Usage
The Compass dashboard in OmniPeek allows you to get an overall view of network utilization, whether by bits, bytes, or packets. It is an excellent starting point for identifying overall spikes in network usage, the first step in identifying the culprit behind the spike. As we can see in the following screen shot of the Compass dashboard, our overall network utilization on our wireless network has been erratic, with several spikes over the last hour or so. We can now use the interactive nature of the Compass dashboard to determine which user(s) are responsible for the various spikes in network activity.
Identifying Bandwidth Hogs
All that needs to be done is to isolate a spike, and the Compass dashboard will do the rest. Let’s choose the right-most spike in the above screen shot. Simply highlighting the area of the utilization graph directs the Compass dashboard to drill in on that area, focusing all of the Compass dashboard windows on only that period of time. This is illustrated in the following screen shot.
As you can see, not only have we focused on the utilization from just this time period, but the Top Protocols, Top Flows, and Top Nodes also reflect network utilization from just this time period. Looking first at Top Flows, we see that the conversation between 10.2.0.56 and 126.96.36.199 on port 80 is by far the largest flow, and we know that 10.2.0.56 is a user on our network. Both the listed port and the Top Protocols pie chart confirm for us that this is web traffic, and the Top Nodes histogram clearly shows that the web activity was YouTube traffic. So, a single step using the Compass dashboard provides us will all the data we need to know exactly who our bandwidth hog is, and what they’re doing on the network.
Knowing that there was a spike in network traffic, and who caused it, is certainly valuable information. But spikes happen all the time. As network engineers, what we’re most interested in is whether or not this event created any adverse effects on our network, and one of the best metrics to determine this is network latency. The Compass dashboard continuously analyzes for network latency, and displays this information over time. Simply change the parameter in the graph from “Mbits” to “Worst 2-Way Latency,” and we can now see the latency for the period of time when the spike took place, as illustrated below.
As the graph shows, our worst 2-way latency continues to increase while the YouTube download is occurring, reaching a maximum value of almost 13 seconds. In our book this is certainly an adverse effect!
The Compass dashboard is a flexible, extremely versatile view into overall network activity. With its rich set of network metrics and the ability to instantly drill into specific time periods, it guides you to exactly where network problems are occurring, in this case, identifying a potential bandwidth hog, along with the negative impacts this activity is having on the network.