Do you ever feel as though no matter how much bandwidth you buy, it still isn’t enough? Phone and BYOD updates can use a large amount of bandwidth; here is how to figure out just how much.
…and it’s gone.
The other day, a customer expressed that they wanted to track down phone updates on their network.
As it turned out, the reason behind this was a recent network issue. During one of the most recent iPhone software releases, a couple of outside-facing interfaces suddenly got maxed out due to a large number of phones reaching out for an automatic update. One moment the network was doing just fine, and the next, all that bandwidth was gone.
Phone updates aren’t the only thing dragging down network bandwidth, but they do contribute to a large amount of it. A quick Google search shows me that the iOS 12 update was about 1.5GB to 2GB. That in itself is not too bad, but multiply that by 10 phones and suddenly it becomes 20GB. That can put a considerable amount of strain on your network.
The important information we need for BYOD and reports
As I had explained to the customer I was on the phone with, this is something was can absolutely do with Scrutinizer and is something we have blogged about in the past. For example, we wrote this blog on tracking down jailbroken iPhones a while back.
In fact, there are many different ways to get the same results. Let’s start with what information would be ideal in order to track down who and what we’re looking for.
- MAC address: MAC addresses can help us easily identify what type of BYOD device we are looking for, as the first 24 bits will tell us who the vendor is. These 24 bits are called an Organizational Unique Identifier.
- IP Address: With an IP address, looking up a device can be easier however we can also map username to IP which I will talk about in the next point.
- Username: With devices such as Cisco ASAs, Palo Altos, Cisco ISE, Radius, TACACS, and Ipfixify (Ipfixify can pull data from Microsoft Active Directory) we can map username to IP information which of course, makes tracking down the end user much easier.
Now that we know what we are looking for, we can start running reports.
How to track down the bandwidth hog
Now that we know what to look for, let’s start with Scrutinizer on the Status tab. Once you have logged in to the WebUI and located the status tab, select Top >> AS to AS by IP report. If you have a BGP router, these reports are fantastic and can greatly reduce the resolution time in any situation. Instead of having to sift through tons of IP addresses, we can easily see that Apple Inc., for example, is a source or destination in a report.
But don’t worry, this can still be accomplished without a BGP router sending autonomous system information. Once you have filtered on Apple Inc., or whatever OS the BYOD device you’re looking for uses, you can then switch your report type to host-to-host to view any IP addresses that are communicating with Apple.
If you want information that is more granular, you can click on the report settings (the gear icon next to the report name at the top middle of the screen) and toggle Show Interfaces to say “yes.” Now, we can choose a specific device (or devices) to filter on so we have more report options. By running an all-device report, we are limited on what reports we can run since not all devices export the same information. If you don’t have a device that sends autonomous system information, you can run a Conversations by Well-Known Port report and look for addresses that start with “usbos3” and end with “aaplimg.com” as that is the domain they usually use just like the picture below:
Now I at least have a series of IP addresses to work with and I know how much information is being used while communicating with Apple, since that’s what I’m filtered on. Of course, you can do this with any sort of smart phone—just replace iPhone and Apple with the vendor of your choice.
As always, don’t struggle if you need help tracking this information down; give us a call in support if you need help! You can call 207-324-8805 extension 4 or submit a form online to request support.