Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 1265 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Link utilization: Unclassified traffic in flow monitor

IngoPohlschneider
Hello everyone
occasionally we are having our 100Mbit/s connection maxed out.
When looking into to flow monitor, the majority of traffic I see is shown as "unclassified". Also when I click Clients then I do not really see the source of the load

Can anyone tell me what the unclassified traffic is, how I can "classify" it for better monitoring and how to figure out the source(s) of the high load?

Best regards 
chas0rde


This thread was automatically locked due to age.
  • 0
    Chas, does 'Bandwidth Usage' give you any hints?  In any case, you'd probably want to watch incoming packets from the command line.  If your public IP were 70.232.31.57 on eth1, you might want to let the following run so that you can stop it when you see heavy traffic and look at the last almost 200 lines:

    tcpdump -n -i eth1 dst 70.232.31.57


    Any luck with that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?