May 3, 2006

Troubleshooting DoS attacks

Multiple large-sized packets injected into your network from any source, including a host PC, can bring your network to a dead crawl. In the worst case, they can even shut down operations. To determine which host or node is sending or receiving suspiciously large and multiple "packets" (no pun intended), enable ip accounting output-packets on the interface that you suspect they pass through. Then use the command sh ip accounting output-packets to view the output in real time. Packet and byte counts are displayed as well, which can help you identify what kind of traffic is present on your link. For example:

Router(config)# interface FastEthernet 0/1

Router(config-if)# ip accounting output-packets

Router# sh ip accounting output-packets

The preferred, more scalable method is to use NetFlow on ingress interfaces to identify the type of traffic. Because NetFlow keeps statistics on flows, you can more easily isolate the protocols involved. To enable NetFlow on an interface, use the interface configuration command ip route-cache flow. Support for NetFlow can vary depending on your platform and code version.

For older platforms that do not support NetFlow, IP accounting can be useful.


