[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Network monitoring tool advice

Posted on 2010-08-25
Medium Priority
Last Modified: 2012-05-10
Hey guys

I've installed Wireshark onto our secondary DC, however I'm not sure whether this appliation has been installed on the correct machine. I'm assuming that by installing it on this machine, it ONLY monitors the network traffic going in/out of that particular server and that's it? am I right or is it fine to install network monitoring applications on just any server as it will pick up the entire LAN?

We have four different gateways. What's the best way for me to monitor network traffic of our entire LAN?

Question by:Yashy
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1

Accepted Solution

fluk3d earned 1000 total points
ID: 33521702
I'm assuming your LAN is a switched network therefor you will only pick up on the server you have the application running on.

Switches will break up broadcasts so you will not see every packet going in and out of your network. You mentioned you have four gateways if these gateways support packet capturing you can set it up with filers and what not depending what you want to monitor.

Depending on your switch setup you can also purchase a barracuda ethernet tap and setup your switch for port mirroing (be careful) a lot of traffic through one port can brign your network to a halt!

Have a look at these links,




Expert Comment

ID: 33521791
I use a product named "whats up Gold" to monitor all the traffic on the network

it has a lovely interface very easy to use and its free for 365 days.

you can monitor 3 devices for free to start. At least you can see if this product suits before purchasing it.

Expert Comment

ID: 33522476
depending what level of detail you are looking for and the type of network hardware, but Solarwinds Orion NPM is very good especially when combined with Netwflow for traffic type analysis
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.


Author Comment

ID: 33522516
Thanks for both of your inputs guy.

Well the way the systems are configured is such that everything is connected to our 48 port switches. From there, they're connected to our routers. Is it worth configuring a PC with like 4 LAN cards and then connecting each of those to the back of one router to monitor each LAN adapter for input/output of traffic?


Expert Comment

ID: 33522570
If you were to use WhatsUpGold or Orion you would have to configure it to store SNMP stats so you can see exactly what the traffic is doing.

Does your switch support NetFlow ? there are some NetFlow products Orion might support NetFlow that will traffic your packets very granular.

Depending on your firewall/router/gateway they sometimes have products that support reporting.

I know SonicWALL/CheckPoint have this feature.

Assisted Solution

Jaoibh earned 1000 total points
ID: 33522592
Hi Yashy, What you can do is monitor the Router and the switches using whatsupgold and it gives you a full break down

Expert Comment

ID: 33522848
sounds like you want deep packet inspecting (sniffing) if you are using tools like wireshark.

if so, easiest way is to span (or rspan) to ports so a single destination and then you can use wireshark to collect all packets from your network.

BUT: this does depend on your network topology and hardware - i.e. it works well on flat layer 2 networks.

good explaination here:

Author Comment

ID: 33523806
In the end, I've downloaded a tool called Capsa. It's free and is similar to the whatsupgold software. However, I have no clue about port-mirroring or enabling things on our 48 port switch.

All I know is that I've installed the software now onto the server and via its Local LAN Adapter, it has picked up almost everything, but I'm unsure as to whether this is the correct information it is picking up? Does this pick up information that is only between that server and the switch? As it does seem to be looking at all of the MAC addresses on the network.

If you have any ideas whether this is correct info, would help big time?

Thanks again

Author Comment

ID: 33524044
The switch I'm using is a 3COm 2948-SFP Plus if that helps. I haven't configured this switch in anyway in terms of its internal config.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Is your computer hacked? learn how to detect and delete malware in your PC
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question