Saturday, January 29, 2011

Looking for an open source real-time network analysis program

Can somebody recommend an open source real-time network analysis program?

What I'm looking for the program to do is display a graph of bandwidth usage by IP within our internal network that can quickly be viewed any time we need to (typically when we want to quickly find out who is utilizing high amounts of bandwidth and slowing down the network).

We ideally simply want to hook up a monitor on the wall of our server room to a system whose NIC will be in permissive mode to log all network activity in a visual manner which can easily be seen and running 24/7.

Prefer open source as I do not have a budget for this project and prefer open source projects in general. I'd also prefer for this to be available for CentOS but any linux distro or Windows OS would be acceptable.

Thanks!

Edit: Also, it can't use SNMP. The gathering needs to be done from log files or via promiscuous mode.

  • There are a couple out there, most of them based on RRDTool.

    Personally we use Cacti here and love it.


    UPDATE: in response to the comments, although I'll leave the above in case someone finds it useful.

    A couple of other options.

    • If your router supports it use NetFlow. SolarWinds($) has a good analyzer, and flow-tools is a good open source option.
    • You could try to use something like AdventNet Firewall Analyzer - a decent tool for small businesses but it doesn't scale that well. (I think this one uses SNMP though, so it might be out.)
    • You could probably get the same type of info out of SNORT with the added benefit of also having an IDS on the network

    Although I would really try to start working on management and convincing them that SNMP, if configured correctly, is not insecure at all. SNMP is such a great and powerful tool for a sysadmin.

    Jed Daniels : Aren't these all SNMP based?
    SrSysAdmin : These look good but all appear to use SNMP, know of any that don't? I appreciate your help, thanks man.
    SrSysAdmin : @Jed Daniels He posted his response before I added my edit.
    Zypher : @JrSysAdmin: ouch ... do you have access to the router or firewall in front of the systems?
    SrSysAdmin : @Zypher Yes, we're a small company so I have access to everything. I'm just not allowed to use SNMP for perceived security issues.
    SrSysAdmin : Also, would like to place the system inside the firewall using port spanning rather than outside the firewall on our hub because if it's on the hub all of the IPs will be NATed.
    SrSysAdmin : I'll take a look at NetFlow tomorrow to see what I can do with that. Thanks for your extensive help, will give you the check tomorrow if all works out!
    From Zypher
  • NTOP is something you might want to consider. It automatically collects a lot of useful information. But it works better if you want to see 'the big picture' and not so great for "I need to know who is slowing down our network exactly this second".

    The best tool for 100% real-time info, in my opinion, is tcptrack. It just monitors a given interface and shows the connections that use the most bandwidth. I mirror all internet traffic on a switch to a port that is connected to a dedicated NIC on a server running tcptrack. That way I can see precisely which IPs/ports are hogging the bandwidth.

    gravyface : Too bad tcptrack is only TCP not UDP.
    From Vitaliy
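    Added example, not part of the answer above and not code from tcptrack, ntop or any other tool named on this page: a small Python per-IP byte counter in the spirit of the mirror-port setup Vitaliy describes. It parses Ethernet II (optionally 802.1Q-tagged) and IPv4 headers itself, so it counts UDP, ICMP and everything else alongside TCP, which addresses gravyface's point that tcptrack only sees TCP. The `capture()` function assumes Linux, root, an AF_PACKET raw socket and an interface connected to the switch's mirror port; the internal prefix (`192.168.1.0/24`) and the sample frames are constructed for the demonstration and are not a real capture.

```python
"""Per-internal-host bandwidth accounting from raw Ethernet frames.

Constructed example: counts bytes per IPv4 host inside a local prefix for ANY
IP protocol (TCP, UDP, ICMP, ...), unlike tcptrack which only follows TCP.
Live mode (Linux, root) reads frames from an AF_PACKET socket on a NIC that
sits on a switch mirror/SPAN port and joins promiscuous membership so frames
not addressed to our own MAC are delivered.
"""
import ipaddress
import socket
import struct
import sys
import time
from collections import defaultdict

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100      # 802.1Q tag; real ethertype follows 4 bytes later
ETH_P_ALL = 0x0003
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_frame(frame):
    """Return (src_ip, dst_ip, ip_proto, ip_total_length) or None if not IPv4."""
    if len(frame) < ETH_HDR_LEN:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = ETH_HDR_LEN
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETHERTYPE_IPV4:
        return None               # ARP, IPv6, LLDP, ... are not counted here
    ip = frame[offset:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9], total_len


class BandwidthTable:
    """Byte counters per internal host (in/out) plus a per-protocol breakdown."""

    def __init__(self, local_net):
        self.local_net = ipaddress.ip_network(local_net)
        self.hosts = defaultdict(lambda: {"in": 0, "out": 0})
        self.by_proto = defaultdict(int)
        self.ignored = 0          # non-IPv4 or truncated frames

    def add(self, frame):
        parsed = parse_frame(frame)
        if parsed is None:
            self.ignored += 1
            return
        src, dst, proto, _ = parsed
        size = len(frame)         # bytes seen on the wire (minus FCS), all protocols
        self.by_proto[PROTO_NAMES.get(proto, str(proto))] += size
        if ipaddress.ip_address(src) in self.local_net:
            self.hosts[src]["out"] += size
        if ipaddress.ip_address(dst) in self.local_net:
            self.hosts[dst]["in"] += size

    def top(self, n=10):
        """Internal hosts as (ip, bytes_in, bytes_out, total), biggest first."""
        rows = [(ip, c["in"], c["out"], c["in"] + c["out"]) for ip, c in self.hosts.items()]
        rows.sort(key=lambda r: (-r[3], r[0]))
        return rows[:n]


def build_frame(src_ip, dst_ip, proto, payload_len, vlan=None):
    """Build a minimal Ethernet II + IPv4 frame (constructed test data, not a capture)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vlan is not None:
        eth += struct.pack("!HHH", ETHERTYPE_VLAN, vlan, ETHERTYPE_IPV4)
    else:
        eth += struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip_hdr + b"\x00" * payload_len


def sample_table():
    """Constructed traffic mix: a UDP-heavy host, a TCP host, local ICMP, one ARP frame."""
    table = BandwidthTable("192.168.1.0/24")
    for frame in (
        build_frame("192.168.1.10", "8.8.8.8", 17, 1000),              # UDP out, 1034 bytes
        build_frame("8.8.8.8", "192.168.1.10", 17, 1400),              # UDP in, 1434 bytes
        build_frame("192.168.1.20", "93.184.216.34", 6, 200),          # TCP out, 234 bytes
        build_frame("93.184.216.34", "192.168.1.20", 6, 100, vlan=10), # TCP in, tagged, 138 bytes
        build_frame("192.168.1.10", "192.168.1.20", 1, 50),            # ICMP local to local, 84 bytes
        bytes(12) + struct.pack("!H", 0x0806) + bytes(28),             # ARP: ignored
    ):
        table.add(frame)
    return table


def capture(iface, seconds, local_net):
    """Sniff `iface` for `seconds` on Linux as root and return a BandwidthTable."""
    table = BandwidthTable(local_net)
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((iface, 0))
    # struct packet_mreq {int mr_ifindex; u16 mr_type; u16 mr_alen; u8 mr_address[8];}
    mreq = struct.pack("IHH8s", socket.if_nametoindex(iface), socket.PACKET_MR_PROMISC, 0, bytes(8))
    s.setsockopt(socket.SOL_PACKET, socket.PACKET_ADD_MEMBERSHIP, mreq)
    s.settimeout(1.0)
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        try:
            table.add(s.recv(65535))
        except socket.timeout:
            continue
    s.close()
    return table


if __name__ == "__main__":
    # usage: python3 bw.py eth1 192.168.1.0/24   (live, 10 s)  or no args for the sample
    tbl = capture(sys.argv[1], 10, sys.argv[2]) if len(sys.argv) >= 3 else sample_table()
    for ip, inb, outb, total in tbl.top():
        print(f"{ip:15} in={inb:9d} out={outb:9d} total={total:9d}")
    print("by protocol:", dict(tbl.by_proto), "ignored frames:", tbl.ignored)
```

    Run it in a loop on the wall-mounted box (or wrap `capture()` in a curses/refresh loop) to get the "who is hogging the link right now" view; the per-protocol dict shows at a glance whether the offender is TCP or UDP, which is the gap in tcptrack that gravyface raises.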
  • Set up your edge switch to mirror traffic to your traffic analysis system or put your system in-line and have it running your enterprise firewall.

    Once you do that, you can run a tool like ntop or argus.

    From chris
  • EtherApe makes it very easy to see where the bandwidth is going.

  • If bandwidth usage per IP is what you need, NTOP in promiscuous mode is perfect out of the box. Just install the rrdtool plugin for some nice per-ip bandwidth over time graphs.

    From Cory J
  • iftop

    From Javier
