[Ilugc] Network Traffic Monitor
- From: binand@xxxxxxxxx (Binand Sethumadhavan)
- Date: Fri Dec 16 15:20:22 2005
On 15/12/05, Bharathi Subramanian <sbharathi@xxxxxxxxxxxxx> wrote:
Basically I have nearly 50PCs in my network. I want monitor the
network by sniffing the packets and plot the usage graph, at X min
resolution, for each IP address. It is good if the usage splited into
protocols, like HTTP, FTP,...
Ah well. Here goes.
What you want to do is called traffic accounting. Typically, the
device on a network that sees ALL traffic is the backbone switching
device - hence traffic accounting is done there. And since more often
than not the backbone device is from Cisco, the technology used is
Cisco Netflow.
On the other hand, if you want to do this only at your border, you can
have a Netflow probe on your border router (the PC :) and a Netflow
collector running on a different box (or even the same one, but
depending on traffic Netflow collection puts quite a high demand on
CPU and storage).
The best-known GPL'ed implementation of a Netflow probe is nProbe from
the guys who wrote ntop. It is homed at
http://www.ntop.org/nProbe.html. There are several commercial Netflow
analyzers available, google for them - or you could use ntop for a
GPL'ed Netflow collector. Graphing is usually done by RRDTool in
GPL'ed environments.
It is not an easy thing to setup; you need to have exceptional
understanding of TCP/IP and OSI layers (especially layer 2 and layer
3).
Binand
Other related posts:
