Solved

Network usage statistics

Posted on 2002-05-24
Last Modified: 2010-03-18
Ok, lately it seems that my internet connection is lagging.  What I'm trying to do is get some hard numbers about how much of the line is actually being utilized, by what ip addresses (source address), and for what services (protocol/port) and at what times.

I have been looking into tcpdump, ethereal, and snort - but these tools seem like overkill for what I am trying to do.  It also seems as if these tools are only useful for capturing the packets, but not actually generating reports for them.

Is there some kind of tool suite available for monitoring these things or a way to configure the above tools to get the reports I need?
Question by:packratt_jk
LVL 40

Expert Comment

by:jlevie
ID: 7033401
There's a very good tool for getting an overall view of network traffic. Take a look at ntop (http://www.ntop.org/ntop.html). With it you can get a complete picture of who is doing what, how much traffic they are generating, etc.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7033454
It should also be said that I am looking more for daily, weekly, and monthly utilization reports, rather than real time reports.

I looked at the ntop website, and it looks like a great tool.  But will it yield statistics based on time frames or just from start to 'now'??
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7033518
I don't believe that there is any built in support for period based statistics. You do have control over how much history is represented by an ntop view as you can purge its history whenever you like. While it can only tell you about total traffic volumes, mrtg does a good job of summarizing traffic flow by day, week, and month. Take a look at http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ for an example of what it can do as well as the sources and documentation.

I use mrtg for traffic summaries and ntop for examining the details (like what machine is doing what and how much traffic is flowing over specific ports and to where).
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7040567
>>"I use mrtg for traffic summaries and ntop for examining the details..."
When you say this, do you mean that you have them both running all the time?

It seems to me that I could have one program running all the time (logging packet headers), and one for analyzing those packets.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 7040641
Yes, they both run at the same time and there's no conflict. MRTG was originally designed to gather data from routers via SNMP. Since all that's really needed to monitor total bandwidth use (5 minute averages of bytes IN/OUT per second) is a sample every 5 minutes of the traffic, MRTG doesn't look at the actual packets. The totals on all interfaces since boot are in /proc/net/dev, so it's easy to find out what the rates are. So, MRTG can easily be set up to provide nice plots of total bandwidth usage, by day, week, etc. It's very low impact and doesn't require a lot of cpu power or storage.

On the other hand, ntop can do detailed examination of traffic down to the individual network node. To do that it has to look at the packets to see where they came from, where they are going, what protocol is being used, and how much data is in each packet. Consequently the impact of running ntop is significantly greater. Not only is it having to handle each packet, but it has to sort the data and keep history on what it sees.

The way I use the two packages is to run MRTG all of the time and to only run ntop when I think something interesting is going on. Or periodically for a couple of days each month to get a feel for how the clients are using the network (or Internet link as the case may be). I do have one smallish network (some 1000 nodes) that I have a dedicated ntop system on to monitor Internet traffic.
0
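The counter sampling described in the accepted answer, as an added example that is not part of the original post and is not MRTG's own code: it parses two `/proc/net/dev` snapshots taken 300 seconds apart and turns the since-boot byte totals into average bytes per second. The 32-bit counter width, the 10 Mbit/s plausibility cap and the sample snapshots are assumptions constructed for illustration.

```python
COUNTER_BITS = 32            # assumption: 32-bit byte counters that wrap
LINK_MAX_BPS = 1_250_000     # assumption: 10 Mbit/s link = 1.25 MB/s

HEADER = "Inter-|   Receive  |  Transmit\n face |bytes packets ...|bytes packets ...\n"
# Constructed snapshots; columns after the colon are 8 receive + 8 transmit fields.
SAMPLE_T0 = HEADER + (
    "    lo:   10000 100 0 0 0 0 0 0   10000 100 0 0 0 0 0 0\n"
    "  eth0:4294960000 500000 0 0 0 0 0 0 120000000 400000 0 0 0 0 0 0\n"
)
SAMPLE_T1 = HEADER + (
    "    lo:   10000 100 0 0 0 0 0 0   10000 100 0 0 0 0 0 0\n"
    "  eth0:   7704 500020 0 0 0 0 0 0 120300000 400900 0 0 0 0 0 0\n"
)

def parse_proc_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:          # first two lines are headers
        if ":" not in line:
            continue
        name, data = line.split(":", 1)         # counter may touch the colon
        fields = data.split()
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def counter_delta(old, new, bits=COUNTER_BITS):
    """Bytes transferred between samples, allowing for one counter wrap."""
    return new - old if new >= old else new + (1 << bits) - old

def rates(before, after, interval_s, max_bps=LINK_MAX_BPS):
    """Average (rx, tx) bytes/s per interface; None where the rate is
    impossible for the link, e.g. counters reset by a reboot."""
    result = {}
    for iface, olds in before.items():
        if iface not in after:
            continue
        pair = []
        for old, new in zip(olds, after[iface]):
            rate = counter_delta(old, new) / interval_s
            pair.append(rate if rate <= max_bps else None)
        result[iface] = tuple(pair)
    return result

if __name__ == "__main__":
    t0, t1 = parse_proc_net_dev(SAMPLE_T0), parse_proc_net_dev(SAMPLE_T1)
    for iface, (rx, tx) in rates(t0, t1, 300).items():
        print(f"{iface}: rx={rx} B/s tx={tx} B/s")
```

The eth0 receive counter wraps between the two snapshots, so a plain subtraction would give a negative number; a counter reset after a reboot looks the same as a wrap, which is why a rate above link capacity is discarded rather than plotted.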
 
LVL 3

Author Comment

by:packratt_jk
ID: 7042543
Ok, so how do I set up snmp?
0
 
LVL 3

Expert Comment

by:DVB
ID: 7044646
ntop comes with a sample script whose output can be parsed and sent to a database. Store your data in the database, and then generate your reports with any spreadsheet.
Scripting ntop shouldn't be hard at all.

To set up snmp, install the net-snmp package http://net-snmp.sf.net/
Get the ORA book on SNMP, it's a great help.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7838397
Sorry about the wait - I changed jobs and forgot about this question.
0
