We're using HP Procurve manager to track network traffic over our 100Mbps intersite link. We run one AD based network over both sites. Before half term everything was fine. Since half term there have been periods of activity where the link becomes saturated one way, sending data from the site with our main servers on it to he other site. All we changed over half term was printing. Each site's PCs print to a local print server so it shouldn't be a print related issue. There is no pattern to it either, it mainly happens at lesson changeover but not always. We have 200 staff so asking all of them if they are using a large files at these times would be too onerous a task especially as few would actually know if the files they use are large.
We're using wireshark to try to track packets but we've not found a way of analysing the stats this collects to see who or what is creating these packet bursts. Does anyone know how we can analyse/track the packets to identify source and destination of the top 10 so that we can then look at these machines to see what the data is?
We suspect is there is a way to track this on the servers too. Our "video" server is on the main site so teachers viewing videos would create this large volume one way traffic. We're in the process of replicating this to a local server to reduce this intersite traffic but we need to prioritise which resources to replicate.
Is there a way on a windows 2008 server to see who has which files open so we can study these during a "period of saturation"?
I tried the sysinternals tools (Procmon (used to be filemon)) but had no luck.
Any help appreciated.
There are currently 1 users browsing this thread. (0 members and 1 guests)