Solved

Network usage statistics

Posted on 2002-05-24
Last Modified: 2010-03-18
Ok, lately it seems that my internet connection is lagging.  What I'm trying to do is get some hard numbers about how much of the line is actually being utilized, by what ip addresses (source address), and for what services (protocol/port) and at what times.

I have been looking into tcpdump, ethereal, and snort - but these tools seem like overkill for what I am trying to do.  It also seems as if these tools are only useful for capturing the packets, but not actually generating reports for them.

Is there some kind of tool suite available for monitoring these things or a way to configure the above tools to get the reports I need?
Question by:packratt_jk
8 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 7033401
There's a very good tool for getting an overall view of network traffic. Take a look at ntop (http://www.ntop.org/ntop.html). With it you can get a complete picture of who is doing what, how much traffic they are generating, etc.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7033454
It should also be said that I am looking more for daily, weekly, and monthly utilization reports, rather than real time reports.

I looked at the ntop website, and it looks like a great tool.  But will it yield statistics based on time frames or just from start to 'now'??
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7033518
I don't believe that there is any built in support for period based statistics. You do have control over how much history is represented by an ntop view as you can purge its history whenever you like. While it can only tell you about total traffic volumes, mrtg does a good job of summarizing traffic flow by day, week, and month. Take a look at http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ for an example of what it can do as well as the sources and documentation.

I use mrtg for traffic summaries and ntop for examining the details (like what machine is doing what and how much traffic is flowing over specific ports and to where).
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7040567
>>"I use mrtg for traffic summaries and ntop for examining the details..."
When you say this, do you mean that you have them both running all the time?

It seems to me that I could have one program running all the time (logging packet headers), and one for analyzing those packets.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 7040641
Yes, they both run at the same time and there's no conflict. MRTG was originally designed to gather data from routers via SNMP. Since all that's really needed to monitor total bandwidth use (5 minute averages of bytes IN/OUT per second) is a sample every 5 minutes of the traffic, MRTG doesn't look at the actual packets. The totals on all interfaces since boot are in /proc/net/dev, so it's easy to find out what the rates are. So, MRTG can easily be set up to provide nice plots of total bandwidth usage, by day, week, etc. It's very low impact and doesn't require a lot of cpu power or storage.

On the other hand, ntop can do detailed examination of traffic down to the individual network node. To do that it has to look at the packets to see where they came from, where they are going, what protocol is being used, and how much data is in each packet. Consequently the impact of running ntop is significantly greater. Not only is it having to handle each packet, but it has to sort the data and keep history on what it sees.

The way I use the two packages is to run MRTG all of the time and to only run ntop when I think something interesting is going on. Or periodically for a couple of days each month to get a feel for how the clients are using the network (or Internet link as the case may be). I do have one smallish network (some 1000 nodes) that I have a dedicated ntop system on to monitor Internet traffic.
0
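The sampling approach described in the accepted answer, as an added example that is not part of the original post and not MRTG's own code: two snapshots of /proc/net/dev taken one interval apart are turned into average bytes per second, including the case where a counter wraps between samples. The snapshot contents, the 32-bit counter width and the function names are assumptions made for the illustration.

```python
# Added illustration: average IN/OUT rates from two /proc/net/dev snapshots.
WRAP_32 = 2 ** 32    # assumption: 32-bit byte counters that wrap to zero
INTERVAL_S = 300     # 5-minute sampling interval, as in the answer above

# Constructed snapshots taken INTERVAL_S apart (not real measurements).
HEADER = (
    "Inter-|   Receive                            |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast|"
    "bytes packets errs drop fifo colls carrier compressed\n"
)
SAMPLE_T0 = HEADER + (
    "    lo: 1500 10 0 0 0 0 0 0 1500 10 0 0 0 0 0 0\n"
    "  eth0:4294900000 9000 0 0 0 0 0 0 1000000 8000 0 0 0 0 0 0\n"
)
SAMPLE_T1 = HEADER + (
    "    lo: 4500 30 0 0 0 0 0 0 4500 30 0 0 0 0 0 0\n"
    "  eth0:232704 9400 0 0 0 0 0 0 4000000 9900 0 0 0 0 0 0\n"
)

def parse_proc_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:              # the two header lines have no colon
            continue
        iface, data = line.split(":", 1)  # "eth0:123" may have no space
        fields = data.split()
        if len(fields) < 16:             # 8 receive + 8 transmit columns
            continue
        counters[iface.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def counter_delta(prev, cur, modulus=WRAP_32):
    """Bytes transferred between samples, allowing for one counter wrap.
    A reboot also lowers the counter and cannot be told apart from a wrap
    here; compare system uptime between samples to detect that case."""
    return cur - prev if cur >= prev else cur + modulus - prev

def average_rates(prev_text, cur_text, interval_s=INTERVAL_S):
    """Return {interface: (rx_bytes_per_s, tx_bytes_per_s)}."""
    prev, cur = parse_proc_net_dev(prev_text), parse_proc_net_dev(cur_text)
    return {
        iface: (counter_delta(prev[iface][0], rx) / interval_s,
                counter_delta(prev[iface][1], tx) / interval_s)
        for iface, (rx, tx) in cur.items() if iface in prev
    }

if __name__ == "__main__":
    for name, (rx, tx) in average_rates(SAMPLE_T0, SAMPLE_T1).items():
        print(f"{name}: in {rx:.1f} B/s, out {tx:.1f} B/s")
```

On a live system the two snapshots would be read from /proc/net/dev by a scheduled job and the resulting rates appended to a log for daily, weekly and monthly summaries.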
 
LVL 3

Author Comment

by:packratt_jk
ID: 7042543
Ok, so how do I set up SNMP?
0
 
LVL 3

Expert Comment

by:DVB
ID: 7044646
ntop comes with a sample script whose output can be parsed and sent to a database. Store your data in the database, and then generate your reports with any spreadsheet.
Scripting ntop shouldn't be hard at all.

To set up SNMP, install the net-snmp package http://net-snmp.sf.net/
Get the ORA book on SNMP, it's a great help.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 7838397
Sorry about the wait - I changed jobs and forgot about this question.
0
