
He is going to need hardware too. Or if his router supports dd-wrt, it has some monitoring and logging info. Or a proxy firewall can be put up for logging. Or he can use a computer and a hub (not a switch) and put it in between the router and the main switch and use a traffic sniffer like Wireshark and get an idea of what is in use. Colasoft makes a nice expensive sniffer product with graphs and reports if you are looking for that.

What type of network are you talking about? Is this a work network? Small ma and pa shop? An inet cafe? A home network?

A bit confused about IP statistics?? Not sure what you're looking to track here? Number of? What?

As to bandwidth usage -- this is best done on your gateway.. Since exit point of your network, and normally only point that matters when tracking bandwidth usage - local traffic normally not an issue, etc.

What are they using for their gateway - some home based router? An enterprise class? Make and model of hardware and some basics of this network would be helpful in pointing you in the correct direction.

Be it you want to install something on each machine to monitor/limit its bandwidth or should be done on the gateway - or have gateway send the netflows to something like ntop or other software to track bandwidth.

Sorry for the late response, I was waiting for feedback from my friend.

- It's a work network, he's wanting to monitor only traffic for the subnet he's working on (that is apparently the only one big ass broadcast domain for the company he's working for)

And apparently the network is being very slow, so he's been asked to do a new addressing to fix it (I don't know if it would be helpful since it's the only broadcast domain), so he just wants to monitor it first to see exactly what's wrong.

He wants:

- bandwidth usage for every host

- which protocols are used (layer 2 & 3) and the respective bandwidth they use (but I'm pretty sure counting packets and frames would be fine since it's IP and Ethernet)

He says he's gonna ask about working on the gateway, that is a Cisco 2960 apparently. If not, I told him about installing software on every machine, in that case "ntop" and "Colasoft" you said?

With colasoft, you either use a monitoring port and a pc connected to it (it does not get installed on any other pc) or a hub (not a switch) in between your internet router and your main switch and a pc connected to that hub. A hub broadcasts traffic across all of the ports which is why you need a hub, a switch directs traffic so you will only see your traffic and broadcast traffic.

ntop would be used on some machine - and then on the switches handling the traffic? How many of them are there? 1, 100? You would set up monitor ports, also called span ports, so the box running ntop can see all the traffic.. Or you would set them up to send flows to the box running ntop.

Or you could use something like http://www.manageengine.com/products/netflow/index.html

Here is a link from Cisco on some free netflow tools

http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps6601/networking_solutions_products_genericcontent0900aecd805ff72b.html

You will notice ntop is on there.

How many clients are there?? The issue could be related to just one broadcast domain; creating segments to reduce the number of members of a specific segment could be very helpful.

^ yeah that would work if Wireshark is seeing all the packets -- i.e. was running on the gateway machine, or using a hub vs a switch. Or using a span/monitor port sort of thing.. But you cannot just run Wireshark on some machine on your network and expect to see the top talker on your network.. Since that machine would only see traffic to and from itself and broadcast traffic in a switched network.

Wireshark is a network analyzer -- not really the best tool for continued monitoring of the traffic.

  On 27/09/2010 at 14:48, sc302 said:

With colasoft, you either use a monitoring port and a pc connected to it (it does not get installed on any other pc) or a hub (not a switch) in between your internet router and your main switch and a pc connected to that hub. A hub broadcasts traffic across all of the ports which is why you need a hub, a switch directs traffic so you will only see your traffic and broadcast traffic.

Hi, I googled this Colasoft, I saw they are free, called Capsa. And I also found other freeware like Spiceworks.

  On 29/09/2010 at 12:13, BudMan said:

^ yeah that would work if Wireshark is seeing all the packets -- i.e. was running on the gateway machine, or using a hub vs a switch. Or using a span/monitor port sort of thing.. But you cannot just run Wireshark on some machine on your network and expect to see the top talker on your network.. Since that machine would only see traffic to and from itself and broadcast traffic in a switched network.

Wireshark is a network analyzer -- not really the best tool for continued monitoring of the traffic.

You are right, BudMan. I think he is the network admin and has the right to do span :rolleyes:
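Added example, not part of any post in this thread: a small Python script that produces the two figures asked for above (bytes per host, and bytes per layer 2/3 protocol) from a classic pcap file, such as one saved by Wireshark on a span/monitor port. The function names and the sample capture are constructed for illustration, and the totals only cover what the capture point actually sees, as the posts above point out.

```python
import socket
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize(pcap: bytes):
    """Return (bytes per IPv4 host, bytes per protocol) for an Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hosts, protos = Counter(), Counter()
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # frame cut short, no complete Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        label = ETHERTYPES.get(ethertype, hex(ethertype))
        if ethertype == 0x0800 and len(frame) >= 34:
            label += "/" + IP_PROTOS.get(frame[23], str(frame[23]))
            # Charge the frame to both endpoints (sent plus received).
            for addr in (frame[26:30], frame[30:34]):
                hosts[socket.inet_ntoa(addr)] += orig_len
        protos[label] += orig_len
    return hosts, protos

def sample_pcap() -> bytes:
    """Constructed capture: two TCP frames, one UDP frame, one ARP frame."""
    def ipv4(src, dst, proto, size):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size, 0, 0, 64, proto, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + hdr + bytes(size - 20)
    frames = [ipv4("10.0.0.5", "10.0.0.1", 6, 1000),
              ipv4("10.0.0.5", "10.0.0.1", 6, 500),
              ipv4("10.0.0.7", "10.0.0.1", 17, 200),
              b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + bytes(28)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    hosts, protos = summarize(sample_pcap())
    print(hosts.most_common(), protos.most_common())
```

VLAN-tagged frames (ethertype 0x8100) and pcapng files are not decoded here; tagged frames are counted under their raw ethertype value.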
