If you're using Linux, tcpdump and ethereal (front-end for tcpdump) are ok and free.
Main Topics
Browse All TopicsWe are in the process of getting some sort of monitoring/reporting package for our firewalls. At this point, we aren't sure if we are getting accurate results on the bandwidth. Add to that, our ISP is claiming that our bandwidth is considerably higher than what we believe it to be (by about 2-3x as much in fact). The only time our bandwidth was that high was when the big viruses were running rampant over a year ago.
Long story short, what we are wanting to do is drop a hub in between our firewall and our ISP's end point, and put a box on it with the sole purpose of doing network traffic sniffing so that we can get an idea of total bandwidth and what protocols are running over that connection.
Could someone recommend some simple, relatively cheap, but still fairly decent traffic sniffers? I've looked at E-Eye's Network Traffic Analyzer before, and at this point, its a bit overkill for what we are looking for. Looking for total traffic flow in both directions, and to be able to break it down by protocols so we can see how much and what traffic is flowing.
Thanks in advance.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
SNIFFERS/Packet Analyzers
http://www.statscout.com/l
http://www.etherreal.com <== free, but limited
LANHOUND:
http://www.sunbelt-softwar
I don't think you want a protocol analyzer like Sniffer or Ethereal. These give packet detail and are mostly used for analyzing and troubleshooting in-depth particular problems/connection issues.
What I would recommend is Multi Router Traffic Grapher (MRTG). This is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. This product is open source and has been around for many years and is quite mature.
http://people.ee.ethz.ch/~
I sort of agree with netspec01, but MRTG is sorely limited to providing aggregate bandwidth utilization and CPU utilization. Perfect for monitoring SLA compliance and making sure you really are using what you are getting charged for. What is does not do is give you any visibility of who went where, who the top talkers were, how much bandwidth individuals used, etc. so that you can do anything about it.
A good (free) alternative is NTOP from http://www.ntop.org
Enable Netflow on a router between the firewall and the inside LAN and export the netflow to the ntop application.
I would try a product like Solarwinds Orion for bandwidth monitoring. It is really easy to use and reports bandwidth very accurately. You can it monitor your firewall or router using the snmp strings.
There is online demo as well as demo copies that you can get.
http://solarwinds.net/Orio
MRTG and NTOP are both useful tools. NTOP will give you a more in-depth look t the protocols/sessions while MRTG is exellent for long term trending. Here is a description of both from the NTOP site: http://www.ntop.org/ntop.h
Business Accounts
Answer for Membership
by: pgm554Posted on 2004-10-08 at 09:36:34ID: 12260464
Try these guys. Fairly accurate and free. If you want more, there is a subscription service available to monitor your ISP.
www.dslreports.com