Network monitoring tool advice

Posted on 2010-08-25
Medium Priority
Last Modified: 2012-05-10
Hey guys

I've installed Wireshark onto our secondary DC, however I'm not sure whether this appliation has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? am I right or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?

We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?

Question by:Yashy
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1

Accepted Solution

fluk3d earned 1000 total points
ID: 33521702
I'm assuming your LAN is a switched network therefor you will only pick up on the server you have the application running on.

Switches will break up broadcasts so you will not see every packet going in and out of your network. You mentioned you have four gateways if these gateways support packet capturing you can set it up with filers and what not depending what you want to monitor.

Depending on your switch setup you can also purchase a barracuda ethernet tap and setup your switch for port mirroing (be careful) a lot of traffic through one port can brign your network to a halt!

Have a look at these links,




Expert Comment

ID: 33521791
I use a product named "whats up Gold" to monitor all the traffic on the network

it has a lovely interface very easy to use and its free for 365 days.

you can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.

Expert Comment

ID: 33522476
depending what level of detail you are looking for and the type of network hardware, but Solarwinds Orion NPM is very good especially when combined with Netwflow for traffic type analysis
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf


Author Comment

ID: 33522516
Thanks for both of your inputs guy.

Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?


Expert Comment

ID: 33522570
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.

Does your switch support NetFlow ? there are some NetFlow products Orion might support NetFlow that will traffic your packets very granular.

Depending on your firewall/router/gateway they sometimes have products that support reporting.

I know SonicWALL/CheckPoint have this feature.

Assisted Solution

Jaoibh earned 1000 total points
ID: 33522592
Hi Yashy, What you can do is monitor the Router and the switches using whatsupgold and it gives you a full break down

Expert Comment

ID: 33522848
sounds like you want deep packet inspecting (sniffing) if you are using tools like wireshark.

if so, easiest way is to span (or rspan) to ports so a single destination and then you can use wireshark to collect all packets from your network.

BUT: this does depend on your network topology and hardware - i.e. it works well on flat layer 2 networks.

good explaination here:

Author Comment

ID: 33523806
In the end, I've downloaded a tool called Capsa. It's free and is similar to the whatsupgold software. However, I have no clue about port-mirroring or enabling things on our 48 port switch.

All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.

If you have any ideas whether this is correct info, would help big time?

Thanks again

Author Comment

ID: 33524044
The switch I'm using is a 3COm 2948-SFP Plus if that helps. I haven't configured this switch in anyway in terms of its internal config.

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
An article on effective troubleshooting
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question