[kwlug-disc] Monitoring network spikes (redux?)

Herman Gruetzmacher hgruetzmacher at gmail.com
Fri Sep 21 18:54:53 EDT 2012


I find ntop to be the best in my pfsense install. You can certainly see lots 
of data and graphs. I find it interesting to see all the phone home of 
devices like my playbook and other spyware stuck on my computers. Not sure 
how to get rid of it all and improve performance but ntop is a great place 
to look at what's going on.

Herman

-----Original Message----- 
From: Paul Nijjar
Sent: Friday, September 21, 2012 1:51 PM
To: kwlug-disc at kwlug.org
Subject: [kwlug-disc] Monitoring network spikes (redux?)

So our network is going crazy with traffic and I don't know why.

I am looking for some (preferably FLOSS) tool that will be able to
offer some clues. Overall, I want to answer the question "why is the
network getting clogged up and what can I do to fix it?"

Ideally I would be able to get pie charts or bar charts for
things like:

- The IP addresses that are using the most traffic (both source and
  destination)
- Ideally, some indication of what that traffic is (but it all goes
  over port 80, so determining the specific traffic is probably deep
  packet inspection stuff)
- I do not mind logging stuff so I can see how the traffic is changing
  over time, but snapshot information is important too

I have some tools that I currently use:
- Cacti can show me which interfaces are going crazy, but can't tell
  me specific IPs and cannot tell me much detail about what the
  traffic is
- pfSense has a "pfTop" tool that shows me some information about the
  hoggiest users, but I don't know how to make it tally numbers
- Wireshark can tell me what is going to a particular machine, but it
  does not help if a lot of machines are DDOSing my network with small
  requests
- There is a proprietary Windows tool called "TCPView" which can show
  some information about a single machine (including a bit of process
  information) but has the same kind of limitations as Wireshark

I tried installing ntop on my pfSense box but that did not work too
well. Is ntop the software I am looking for? Something else?

- Paul

-- 
http://pnijjar.freeshell.org

_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org 





More information about the kwlug-disc mailing list