[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Measure bandwidth/traffic

Posted on 2004-10-27
13
Medium Priority
?
527 Views
Last Modified: 2013-12-07
How can I measure bandwidth for a network?  I'm familiar with ethereal and a couple other network sniffers but after sampling the traffice I have no idea if it's high, low, is there a limit, etc..  I sample the results and save them so that I can compare with problems in the future but I seriously look at the results and it's like DUH! I have no idea what is high or low.

Is there any rule or way to measure and know what is the exact saturation point of a LAN?  We have 70 users and nine servers on an ethernet LAN.  5 100 swithes for the users and 2 GB switches for the server room.  A GB trunk links all switches.

I've noticed that our network might hit 150 to 200 packets per second.  Again I can't say how large they are so I have no idea if this is horrible or not.

Thanks in advance!
0
Comment
Question by:zenportafino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 900 total points
ID: 12430607
Look into MRTG - you are trying to compare how much traffic is flowing compared to the size of your pipe (internet connection)

http://mrtg.hdl.com/mrtg.html
0
 
LVL 9

Expert Comment

by:imnajam
ID: 12430608
I am not sure if you mean to measure a data transfer(network traffic) or something else but if it's like that than give a try to dumeter [ http://www.dumeter.com ]
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12430612
Though typically, your switches need to be managed in order to do monitoring of this info.  Otherwise, you could setup a Windows server that would require all traffic to pass through it and then use network monitor to gauge the % of the connection utilized.
0
Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

 
LVL 1

Author Comment

by:zenportafino
ID: 12430627
We're running ISA yet the reports seem to be of little help offering web site usage but nothing in regards to available bandwidth vs. used.  Any thrid party items that can do so?
0
 
LVL 9

Expert Comment

by:imnajam
ID: 12430671
have you tried "Performance" found in control panel/ administrative tools.... and than adding counter "Network Interface" (Performance Object) is that helpful to you in any means?
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12430788
Yes I've used performance monitor too.  It creates a large graph that doesn't tell me if I should be concerned or not.  I find spikes at 200 bytes per second.  Is that high or low?
0
 
LVL 9

Expert Comment

by:imnajam
ID: 12430804
I am not sure to call it high or low but what sense to me is that it is determined by the hardware(and you) if your hardware is 100mbps (megabits per/second) than 200 bytes per second is low and 90+ M.B per second is high, don't know what else to say ? and what you are specifically want to know!!!
0
 
LVL 1

Expert Comment

by:alexai
ID: 12430884
It is always helpful to know specifically what you are looking for, particularly with network traffic which is such an abstract subject.

If you would like to have just the info "condensed" without concerning for measuring it all yourself, I can recommend you Agilent's solutions, which are just plain excellent and have neat understandable graphics, but most of these solutions are hardware based and thus, at least I, find it rather difficult to feel the return on your investment, for they are quite pricey. They are more oriented for an exhaustive debug, rather than simple traffic probing.

If on the other hand you want to go for it yourself I can only recommend you to setup a monitoring port on the switch that hosts your ISA server, plug a machine in such monitoring port (configurable through the CLI or admin console in most switches) and run Ethereal.

I'd use a filter to capture only plain traffic going to ISA server by using:

ether host 00:00:00:00:00:00

Ethereal comes with several spiffy tools to analyze traffic. You could use HTTP in the Statistics menu to count how many packets from the total captured are HTTP (tcp 80), and then manually think of the percentage this represents versus the total packets captured. Say, if you capture 1500 packets, and Ethereal counts 750 as HTTP, you could say half traffic is used for viewing websites only. However, this does not resemble nor mean that half your bandwidth is used for Internet, since you do not know the exact bit length of each HTTP packet, it could be 90% or 10% of bandwidth (hence, the complexity of bandwidth measuring).


Hope this helps to at least set you in a direction.

0
 
LVL 1

Expert Comment

by:alexai
ID: 12430901
.......forgot to note, 00:00:00:00:00:00 would be replaced with the MAC address of your ISA's server network adapter
0
 
LVL 2

Expert Comment

by:methabhaya
ID: 12431330

Since you are having a Switched network everything would be switched. That means each port on the 100MB switch would give 100MB to each of the 70 PC's. The uplink is 1GB so only time these would be saturated is if all 70 USers are doing more that 1GB or traffic or 10 users are each doing more than 100MB traffic. this is most unlikely in your case except during a virus attack.

Here's a simple solution I would use in your case (their's other solutions much more complex)

1. Determine what ports the uplink is for the 5 switches to the 2 gigabit switches.
2. Now locate where the servers are connected on the Gigabit switch
3. Use MRTG to graph (in 5 min intervals) traffic on the UPLINK ports of the 5 switches and the servers.  
4. After about couple of days you can start to see the pattern on your network and whether the network is saturated.
5. If you want, you can graph each of the 70 ports identified by PC or user to better see who is doing a lot of traffic.

Also if you can invest get Network Observer Suite. That can monitor and graph switches and indicate a lot of problems near realtime but be warned, their software is costly. The above MRTG solution is easy to setup and check. But you would need to have managed switches (SNMP for monitoring) if not you will need a software like Network Observer to do what you want.
0
 
LVL 4

Expert Comment

by:tmcguiness
ID: 12431906
Another vote for MRTG! Can't go wrong. It's free easy and your bosses will love looking at the graphs for hours on end.
0
 
LVL 2

Expert Comment

by:DiCeR
ID: 12442014
I dont know why people keep recomending MRTG when "Cacti" is so much easier to use and you get the same kind of graphs. Its a frontend for RRDTOOL - mrtg v2 if you like.

http://www.cacti.net/

Anyway - regarding the problem:

First - Dont trust the "packets pr second" measure in windows. I've seen sub-optimum drivers falsly report numbers there with several tens of thousands packets pr second. Yet actual sniffing revealed low-traffic.

To measure actual bandwidth-statistics (with Cacti or DUmeter or other tools) on a network, you'll need to collect statistics from more than one location since its switched. High traffic between two nodes doesent mean the network got high load...

I'd monitor the network-interface of (a few representative) workstations, key servers and suspected bottlenecks like switch-uplinkports and compare the graphs to available bandwidth. If the network peaks, it will clearly show up in the Cacti graphs.

Try to identify bottlenecks like switch-uplinks and servers. If bandwidth is not an issue (your graphs are nowhere near peaks even during hard use) - yet network performance is unacceptable - you should probably use a sniffer at a key location (uplink to the server/WAN) and examine any unusual tendecies - like excessive arp, odd protocols, hosts maintaining MANY connections etc.etc.

... which is what an IDS (Intrusion Detection System) should pick up, but thats another story.

If the workstations and servers and switches really turn out to be loaded with legit traffic, there is only one thing to do: Upgrade.
Gigabit all the way or switches with higher backplane bandwidth (internal bandwidth in the switch itself)
Subnet and isolate the HIGH volume servers/workstatons.
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12552554
Sorry that I have not responded in a while.  I will give MRTG and others a shot.  All of our switches are managed dell powerconnects with completly useless diagnostic tools built right in.

I've been told by Dell techs that there a tons of problems with them and that the 1024's are often rendered useless and must be replaced when trying to do a firmware upgrade so I have not ruled out that it could be the switches themselves.

I don't believe at all that our network is saturated and I'm just trying to find a firm answer that I can prove and show to the boss.  

By the way, could the fact that my problem user has an open vpn connection, liveperson, IE, Enterprise manager, local intranet, and sometimes other apps that use the NIC be a problem???
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This program is used to assist in finding and resolving common problems with wireless connections.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question