Eric

realtime traffic analysis to see who is using our bandwidth

Any 3rd party products that do this .. any recommendations???
We have a WatchGuard firewall, which does not do it natively. We run HP ProCurve switches.. I don't know if that helps.
(I could monitor a node or something of our WAN)

I need something to watch all WAN traffic so I can see who is using how much bandwidth and for what.
With good realtime detail.

IE: Bob right now is using 500kbps on port 80 and mailserver is sending 320kbs .. etc..

pakitloss

NetFlow will accomplish this quite well. This is a configuration on most Cisco routers. You can then integrate that with a program like ManageEngine NetFlow. http://www.adventnet.com. But to be able to do this on LAN users you need to be able to do this pre-NAT, otherwise you will not be able to differentiate between LAN users.

Eric (ASKER)

WatchGuard does not incorporate NetFlow because it's not Cisco and does not run IOS.

Try NetMon from Microsoft, included with the OS and not a 3rd party add-in. Not the best for sure, but a good quick start.

As far as server based products go you could also try Paessler Traffic Grapher. It has a sniffer function that will allow you to capture just what you want. Problem is you would have to place a machine in the location you want to grab traffic from. I use this to graph and track bandwidth usage from my web clients. Due to having so many IPs on one machine this works great.

http://www.paessler.com/prtg

Eric (ASKER)

Uetian,
If I have HP ProCurve switches, is there an extra advantage of HP OpenView?

I have MRTG types of monitors. I need per person, per connection information.


Pakitloss,
What do you mean you have so many IPs on one machine? I have the opposite, many users on one IP. (Not my major concern though, as long as I know it's coming from the terminal server.)

I know my HP switch will monitor all traffic on a specified port to another port.
IE: patch my laptop to the "other port" and I can see all WAN traffic etc..


Netmon is a packet sniffer.. not the level I'm looking for, I don't think. I use Ethereal vs Netmon.. also free and I feel it's better.

Eric (ASKER)

I am told I can do this simply with something like Network General's portable sniffer.
It's a much more powerful sniffer than Ethereal etc.. (and a lot more money too!)

I'm going to dl the demo.

HP's OpenView site gives me a headache.... there are 500 products on that site, and they do an awful job of easily letting me know what I need.
I generally hate HP. They are like AOL with bloated software.

Since you need to monitor the bandwidth, the best tool for this which is easily available and easy to configure is MRTG. As you are using a router you can enable SNMP and then configure MRTG to monitor the bandwidth. It provides you a graph of bandwidth usage for every 5 minutes, which can also be scheduled for any time (for every 2 minutes). Here are the links for MRTG and the tools required:

MRTG: http://oss.oetiker.ch/mrtg/
ActivePerl: http://aspn.activestate.com/ASPN/Downloads/ActivePerl/
MRTG tutorials: http://www.netmon.org/dummies.htm

If you want more details please let me know. Also if you have a manageable switch then you can monitor all users connected to the switch.

Also you can try Cacti, which is more efficient than MRTG. You can download it from here, and now it's easier to install.
http://forums.cacti.net/about14946.html

Also you can use HP ProCurve Manager, which comes free with HP switches.
Cheers

Yasir

Eric (ASKER)

I have things that do MRTG type of graphs, they don't really help me.
I can't tell at 2:13 who was using all my bandwidth, I can only tell it's all used. I need to actually troubleshoot it.

Then try IPCop; you can find more details here. It's free too.

http://ipcop.org/

Cheers

Yasir

I think we are all missing the point here. He is not trying to track users by IP as they all have the same IP. He is trying to track them by account. This is just a guess but maybe Microsoft Operations Manager.

ecszone, by many IPs I mean that I have many websites all with different IP addresses. I now understand, I think, that you are trying to track resource usage from Terminal Server clients, right?

Eric (ASKER)

Not really. I said that would be a bonus, not mandatory. I want to know what's using it..
A certain server replicating too much? Some mail junky, someone streaming YouTube videos, or whatever... Per IP/machine is good enough. It has to be able to sort it all out.
Maybe keep drilling down?
IE: ok, 70% of it is this protocol on this port,
ok, that port is Veritas DLO agent, 90% of which is going to Bob's PC,
Bob is copying DVD images into his documents folder and it's trying to replicate it as a backup of his documents.
(this has happened :|  )

Now my firewall says you're using all your bandwidth; it will even say what has the most connections. But it never says which port has the most bandwidth on each machine...
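
An added example, not part of the original thread: the per-host, per-port drill-down Eric describes, computed from flow records taken on the LAN side of the firewall (pre-NAT, for instance from a switch mirror port) so internal addresses are still visible. The record layout, the 192.168.1.0/24 range and every sample value are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed internal range (hypothetical)
WINDOW = 10                          # seconds covered by the sample below

# Constructed flow records: (src, dst, proto, src_port, dst_port, bytes)
FLOWS = [
    ("203.0.113.5", "192.168.1.20", "tcp", 80, 51000, 600_000),   # web download to "bob"
    ("192.168.1.20", "203.0.113.5", "tcp", 51000, 80, 25_000),    # bob's requests/ACKs
    ("192.168.1.10", "198.51.100.7", "tcp", 40000, 25, 400_000),  # mail server sending
    ("203.0.113.9", "192.168.1.30", "tcp", 80, 52000, 125_000),   # another web user
    ("192.168.1.30", "198.51.100.53", "udp", 53000, 53, 2_500),   # DNS lookups
]

def usage_kbps(flows, seconds):
    """kbit/s per (LAN host, proto, service port), both directions combined."""
    totals = defaultdict(int)
    for src, dst, proto, sport, dport, nbytes in flows:
        host = src if ip_address(src) in LAN else dst
        # Heuristic: the lower port number is the service, the higher is ephemeral.
        totals[(host, proto, min(sport, dport))] += nbytes
    return {key: b * 8 / 1000 / seconds for key, b in totals.items()}

def top_talkers(flows, seconds, n=3):
    """The n busiest (host, proto, port) entries, highest rate first."""
    rates = usage_kbps(flows, seconds)
    return sorted(rates.items(), key=lambda kv: kv[1], reverse=True)[:n]

def drill_down(flows, seconds):
    """Busiest service and its % of all traffic, then its busiest host and that host's %."""
    rates = usage_kbps(flows, seconds)
    by_service = defaultdict(float)
    for (host, proto, port), kbps in rates.items():
        by_service[(proto, port)] += kbps
    service, svc_kbps = max(by_service.items(), key=lambda kv: kv[1])
    hosts = {h: k for (h, p, pt), k in rates.items() if (p, pt) == service}
    host, host_kbps = max(hosts.items(), key=lambda kv: kv[1])
    total = sum(rates.values())
    return service, round(100 * svc_kbps / total), host, round(100 * host_kbps / svc_kbps)

if __name__ == "__main__":
    for (host, proto, port), kbps in top_talkers(FLOWS, WINDOW):
        print(f"{host:15} {proto}/{port:<5} {kbps:7.1f} kbps")
    print(drill_down(FLOWS, WINDOW))
```

Records taken on the WAN side of the firewall would show only the NAT address as the LAN host, which is why the capture point matters.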

Eric (ASKER)

Oh.. I don't remember checking that one out.
It is a lot cheaper than Network General... free! Unless I need more sensors, wtf that means.
I'll try it.

Thanks