2

I need to monitor traffic coming in and out of my server. Knowing the total in/out bandwidth is good, but ideally I would like to know how much traffic was sent to what address (we are talking about static IP addresses).

Is there a tool that would allow me to track bandwidth usage by destination/source?

Alternatively, can you recommend a good library or API for implementing such a functionality?

Note: At this stage I am looking for a Windows-based tool, but I would like to know of options available for any platform.

Thank you,

Goro
  • What sort of server? – womble Sep 01 '11 at 23:07
  • @womble: Windows-based at this stage... most likely will move to linux at deployment – Goro Sep 01 '11 at 23:09
  • Can you elaborate on the reasons for downvote? – Goro Sep 01 '11 at 23:10
  • This is what this question sounds like to other people: "I need very specific information, but I'm not going to provide any details or give any specific info to the people that I'm asking for help." – MDMarra Sep 01 '11 at 23:12
  • @MarkM To me it sounds like "I need to fix my problem but I don't know what I'm dealing with"; knowing the right terminology in the first place is half the problem. I know because it happened to me in the past. – Andrew Sep 01 '11 at 23:22
  • @MarkM: I did not include specific details because we are not tied to a specific solution/deployment. It would be good to know what our options are here so that we could make an informed decision. We are in what you would call the R&D phase of the project. And as Andrew mentioned, I am not quite sure how to ask the question. – Goro Sep 01 '11 at 23:25

5 Answers

2

Netflow is the end all, be all for this type of monitoring. While there are netflow tools for Windows, my favorite toolset is nfdump+nfsen on Linux/Unix for collection and web-based report generation respectively. I have found this toolset does everything I want, and they're free. As for collecting flows for later analysis with one of these tools, your router may support netflow export. If it doesn't, or if you don't have access to the router, you may configure your managed switch (if you have one) to mirror the ports you want to monitor to a dedicated monitoring port. Then you can use something like fprobe (also on Linux). I recommend the pcap-based fprobe over the ulog one because it was the easiest for me to get working.

JakePaulus
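What per-address accounting from exported flows looks like, as an added example that is not part of the original answer and is not code from nfdump, nfsen or fprobe: a minimal parser for NetFlow v5 export datagrams that totals bytes per remote address, split into traffic to and from the server. The function names, the server address 192.0.2.10 and the sample datagrams are constructed for illustration, and only the IPv4 v5 record layout is handled.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Yield (src, dst, octets) for each flow record in one v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header promises more records")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0] = srcaddr, f[1] = dstaddr, f[6] = dOctets (bytes in the flow)
        yield ipaddress.IPv4Address(f[0]), ipaddress.IPv4Address(f[1]), f[6]


def per_peer_usage(datagrams, server_ip):
    """Sum bytes per remote address, split into traffic to and from server_ip."""
    server = ipaddress.IPv4Address(server_ip)
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    for dg in datagrams:
        for src, dst, octets in parse_v5(dg):
            if dst == server:
                usage[str(src)]["in"] += octets
            elif src == server:
                usage[str(dst)]["out"] += octets
    return dict(usage)


def build_v5(flows):
    """Build a constructed test datagram from (src, dst, octets) tuples."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, octets in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                           bytes(4), 0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: server 192.0.2.10 talking to two documentation-range peers.
SAMPLE = [build_v5([("192.0.2.10", "198.51.100.7", 120000), ("198.51.100.7", "192.0.2.10", 4000)]),
          build_v5([("192.0.2.10", "203.0.113.5", 900), ("192.0.2.10", "198.51.100.7", 30000)])]

if __name__ == "__main__":
    for peer, t in sorted(per_peer_usage(SAMPLE, "192.0.2.10").items()):
        print(f"{peer:15}  in={t['in']:>8}  out={t['out']:>8}")
```

Flows where the server is neither source nor destination are ignored, which matters when the exporter sits on a mirrored switch port that also sees other hosts.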
2

Another interesting tool is ntop, which will allow you to monitor all traffic. I've previously used it to analyze traffic with good results. It is free software and you can use it on different OSes (although Linux is preferred).

Pablo Martinez
1

If you don't mind using a cool rocket-propelled grenade to hunt insects, it would be fairly quick to install Wireshark, maybe watch a video and set up a quick capture by interface. The Endpoints display will give you what you want, and there are many more ways to slice & dice. Remarkably usable despite its vast depth.

Paul
  • Wireshark tends to give me information overload unless I'm looking for something specific; can you recommend any good analysis tools for it? – Andrew Sep 01 '11 at 23:41
  • The top few items on the Statistics menu do useful overviews, and Expert Infos can be a starting point: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html Is this the kind of analysis you mean? – Paul Sep 02 '11 at 00:08
1

A Packet sniffer in PRTG, installed on the server, will give you the info you're looking for.

http://www.paessler.com/manuals/prtg8/packet_sniffer_header_sensor.htm

joeqwerty
0

In terms of basic tools I can think of two:

ntop is a netflow / sFlow based tool that could integrate with other netflow tools.

Andrew