Like Patrick's idea with a PC and Wireshark, I would suggest using a Mikrotik
box with two NICs acting as a switch - you can capture all the traffic that
way (analyze with Wireshark of course).

I know IS has a solution and I am sure there are others but I am only
capable of using Cisco switches and MT/Linux/PCs.

Did you ever specify if all the customers were on the same AP?  Same leg of
the network?  Random distances/hops from the head end?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer


On Wed, Feb 18, 2009 at 12:27 PM, Patrick Shoemaker <
[email protected]> wrote:

> You really need to find out exactly WHAT the problematic traffic is
> before you worry about how to best block it. Hook up a machine with
> Wireshark to a tap or a mirrored switch port that is seeing the
> offending traffic. If you can't immediately identify the problem traffic
> by looking at the packets live from the wire, you can have Wireshark
> sort the flows by all kinds of different factors.
>
> Patrick Shoemaker
> Vector Data Systems LLC
> [email protected]
> office: (301) 358-1690 x36
> http://www.vectordatasystems.com
>
>
> Patrick Nix Jr. wrote:
> > Right, I'm routing already to my customers. I just can't seem to
> > identify where the flood of traffic is coming from.  My guess is that
> > someone is using some sort of p2p and opening gazillions of connections
> > for either upload or download traffic or someone has a virus that is
> > flooding the network with a bunch of small packets.  I've tried to set up
> > some iptables rules in our imagestream to prevent both of these but I am
> > a newbie with iptables and I either end up killing all internet traffic
> > to everyone or it has no effect at all.  Does anyone care to share some
> > suggestions for iptables rules using Powercode with an imagestream
> > router?
> >
> > Thanks a million.
> >
> > __________________________________________
> >
> > Patrick Nix, Jr.,
> > csweb.net
> > (918) 235-0414
> > http://www.csweb.net
> > E-Mail: [email protected]
> >
> > ====================================================================
> > ATTENTION: This e-mail may contain information that is confidential in
> > nature. If you are not the intended recipient, please delete this e-mail
> > and notify the sender immediately. Thank you.
> > ====================================================================
> >
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On
> > Behalf Of Dennis Burgess
> > Sent: Wednesday, February 18, 2009 10:33 AM
> > To: WISPA General List
> > Subject: Re: [WISPA] Suggestions on preventing network flooding
> >
> > Routing man.
> >
> > * -----------------------------------------------------------
> > Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer
> > WISPA Board Member - wispa.org <http://www.wispa.org/>
> > Link Technologies, Inc -- Mikrotik & WISP Support Services
> > WISPA Vendor Member*
> > *Office*: 314-735-0270 *Website*: http://www.linktechs.net
> > <http://www.linktechs.net/>
> > */LIVE On-Line Mikrotik Training/*
> > <http://www.linktechs.net/onlinetraining.asp>
> >
> > The information transmitted (including attachments) is covered by the
> > Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended
> > only for the person(s) or entity/entities to which
> > it is addressed and may contain confidential and/or privileged material.
> > Any review, retransmission, dissemination or other use of, or taking of
> > any action in reliance upon, this information by persons or entities
> > other than the intended recipient(s) is prohibited, If you
> > received this in error, please contact the sender and delete the
> > material from any computer.
> >
> > Patrick Nix Jr. wrote:
> >> Every day we seem to have this problem, we can watch our pings and for
> >> the morning our avg ping time will be about 27ms to our customers. And
> >> then it will just start climbing up to 1000ms and stay there most of the
> >> time for hours.  I can't seem to identify where it is coming from
> >> although it must be coming from our customers, because I can sit here at
> >> the head end and still ping google at 60ms consistently while this is
> >> going on.  When it happens the network slows down to the point of being
> >> unusable.  Any suggestions? Below is an example of yesterday.
> >>
> >> Thanks
> >>
> >> __________________________________________
> >>
> >> Patrick Nix, Jr.,
> >> csweb.net
> >> (918) 235-0414
> >> http://www.csweb.net <http://www.csweb.net/>
> >> E-Mail: [email protected]


--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
 
WISPA Wireless List: [email protected]

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
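
Added example, not part of the original thread: one way to turn a capture taken as suggested above into a per-customer ranking that separates the two patterns guessed at in the thread (many connections versus a stream of small packets). The sample rows, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout produced by, for example:
#   tshark -r capture.pcap -T fields -e frame.time_relative -e ip.src \
#          -e ip.dst -e tcp.dstport -e frame.len
# Addresses are private/documentation ranges, not data from the thread.
def build_sample():
    rows = []
    # 10.0.0.5: fan-out to many peers (P2P-like pattern)
    for i in range(40):
        rows.append(f"{i * 0.1:.1f}\t10.0.0.5\t198.51.100.{i + 1}\t{6881 + i}\t1200")
    # 10.0.0.9: many tiny packets to one destination (flood-like pattern)
    for i in range(300):
        rows.append(f"{i * 0.01:.2f}\t10.0.0.9\t203.0.113.7\t80\t60")
    # 10.0.0.20: ordinary browsing
    for i in range(15):
        rows.append(f"{i * 0.3:.1f}\t10.0.0.20\t192.0.2.10\t443\t900")
    return "\n".join(rows)

def rank_sources(text, max_flows=30, max_small_pkts=200, small_len=100):
    """Summarise traffic per source IP and flag the two patterns.

    The thresholds are illustrative assumptions; tune them to the network.
    """
    stats = defaultdict(lambda: {"pkts": 0, "bytes": 0, "small": 0, "flows": set()})
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # skip malformed rows
        _, src, dst, dport, length = parts
        if not src or not length.isdigit():
            continue  # skip non-IP frames (empty ip.src)
        s = stats[src]
        s["pkts"] += 1
        s["bytes"] += int(length)
        s["small"] += int(length) < small_len
        s["flows"].add((dst, dport))
    report = []
    for src, s in stats.items():
        flags = []
        if len(s["flows"]) > max_flows:
            flags.append("many-connections")
        if s["small"] > max_small_pkts:
            flags.append("small-packet-flood")
        report.append((src, s["pkts"], len(s["flows"]), s["bytes"] // s["pkts"], flags))
    # Busiest sources first: (src, packets, distinct flows, avg length, flags)
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in rank_sources(build_sample()):
        print(row)
```
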
