[kwlug-disc] Monitoring network spikes (redux?)
Herman Gruetzmacher
hgruetzmacher at gmail.com
Fri Sep 21 18:54:53 EDT 2012
I find ntop to be the best in my pfSense install. You can certainly see lots
of data and graphs. I find it interesting to see all the phoning home of
devices like my PlayBook and other spyware stuck on my computers. Not sure
how to get rid of it all and improve performance, but ntop is a great place
to look at what's going on.
Herman
-----Original Message-----
From: Paul Nijjar
Sent: Friday, September 21, 2012 1:51 PM
To: kwlug-disc at kwlug.org
Subject: [kwlug-disc] Monitoring network spikes (redux?)
So our network is going crazy with traffic and I don't know why.
I am looking for some (preferably FLOSS) tool that will be able to
offer some clues. Overall, I want to answer the question "why is the
network getting clogged up and what can I do to fix it?"
Ideally I would be able to get pie charts or bar charts for
things like:
- The IP addresses that are using the most traffic (both source and
destination)
- Ideally, some indication of what that traffic is (but it all goes
over port 80, so determining the specific traffic is probably deep
packet inspection stuff)
- I do not mind logging stuff so I can see how the traffic is changing
over time, but snapshot information is important too
I have some tools that I currently use:
- Cacti can show me which interfaces are going crazy, but can't tell
me specific IPs and cannot tell me much detail about what the
traffic is
- pfSense has a "pfTop" tool that shows me some information about the
hoggiest users, but I don't know how to make it tally numbers
- Wireshark can tell me what is going to a particular machine, but it
does not help if a lot of machines are DDOSing my network with small
requests
- There is a proprietary Windows tool called "TCPView" which can show
some information about a single machine (including a bit of process
information) but has the same kind of limitations as Wireshark
I tried installing ntop on my pfSense box but that did not work too
well. Is ntop the software I am looking for? Something else?
- Paul
--
http://pnijjar.freeshell.org