
Determining which IP address on my network is causing bandwidth spikes?

On a UTM 625, firmware 9.355.

I have a portal from Comcast that allows me to see bandwidth usage. I saw yesterday that something was causing my bandwidth to spike to its maximum cap for about 10 minutes. 

Can the UTM show me what IP address is potentially using all the bandwidth so I can pinpoint the culprit?

Alex



  • Hi, Alex, and welcome to the UTM Community!

    On the Dashboard, click on one of the boxes beside the External interface and you will see the flow monitor.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I know about the flow monitor, but I'm trying to figure out what IP address or addresses are using the bandwidth. Not the services being used.

  • If you click on the number in the Clients column, you will be shown a list of clients.

    Cheers - Bob

     
  • So I clicked on a few items on the list, such as google.com and youtube.com. They say "No data available in table". But it does show traffic.

  • What service was in use?  If it was traffic passing via the HTTP Proxy, you should be able to see the details in that log.  Reporting updates every five minutes, so you might be able to get reports during and after on the 'Bandwidth Usage' tab.

    Cheers - Bob

     
  • AChu87 said:

    I know about the flow monitor, but I'm trying to figure out what IP address or addresses are using the bandwidth. Not the services being used.

    From SSH: iftop -i eth0 will show you bandwidth performance in real time, with top clients sorted on top (assuming that eth0 is your LAN interface).
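
Added example, not part of the thread or any poster's reply: for a spike that has already passed, per-client byte totals for the spike window can be computed from an exported copy of the HTTP Proxy log mentioned above. The timestamp layout, the key="value" fields srcip and size, and the sample lines are assumptions constructed for illustration; adjust them to the real log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real log data). Field names srcip/size and
# the timestamp layout are assumptions about the web proxy log format.
SAMPLE_LOG = """\
2016:03:01-14:02:11 utm httpproxy[4321]: action="pass" srcip="192.168.1.20" size="1500000" url="http://example.com/a"
2016:03:01-14:03:40 utm httpproxy[4321]: action="pass" srcip="192.168.1.35" size="250000000" url="http://example.com/big1"
2016:03:01-14:05:02 utm httpproxy[4321]: action="pass" srcip="192.168.1.35" size="300000000" url="http://example.com/big2"
2016:03:01-14:07:15 utm httpproxy[4321]: action="pass" srcip="192.168.1.20" size="800000" url="http://example.com/b"
2016:03:01-14:08:30 utm httpproxy[4321]: action="block" srcip="192.168.1.50" size="-" url="http://example.com/c"
2016:03:01-14:09:59 utm httpproxy[4321]: action="pass" srcip="192.168.1.41" size="4200" url="http://example.com/d"
2016:03:01-14:25:00 utm httpproxy[4321]: action="pass" srcip="192.168.1.41" size="900000000" url="http://example.com/late"
"""

KV = re.compile(r'(\w+)="([^"]*)"')
TS_FORMAT = "%Y:%m:%d-%H:%M:%S"  # assumed timestamp layout


def top_talkers(lines, start, end, limit=5):
    """Return [(srcip, total_bytes)] for entries with start <= time < end."""
    totals = Counter()
    for line in lines:
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.strptime(stamp, TS_FORMAT)
        except ValueError:
            continue  # blank or truncated line, not a log entry
        if not (start <= when < end):
            continue  # outside the spike window
        fields = dict(KV.findall(rest))
        src, size = fields.get("srcip"), fields.get("size", "")
        if src and size.isdigit():  # skip entries with no byte count
            totals[src] += int(size)
    return totals.most_common(limit)


def spike_report():
    """Rank clients for the constructed 14:00-14:10 spike window."""
    start = datetime(2016, 3, 1, 14, 0, 0)
    end = datetime(2016, 3, 1, 14, 10, 0)
    return top_talkers(SAMPLE_LOG.splitlines(), start, end)


if __name__ == "__main__":
    for ip, total in spike_report():
        print(f"{ip:15s} {total / 1e6:10.1f} MB")
```

This only accounts for traffic that passed through the web proxy; traffic on other services will not appear in that log.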