[kwlug-disc] Monitoring network spikes (redux?)

Khalid Baheyeldin kb at 2bits.com
Fri Sep 21 19:06:29 EDT 2012


On Fri, Sep 21, 2012 at 1:51 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:

> So our network is going crazy with traffic and I don't know why.
>
> I am looking for some (preferably FLOSS) tool that will be able to
> offer some clues. Overall, I want to answer the question "why is the
> network getting clogged up and what can I do to fix it?"
>
> Ideally I would be able to get pie charts or bar charts for
> things like:
>
> - The IP addresses that are using the most traffic (both source and
>   destination)
> - Ideally, some indication of what that traffic is (but it all goes
>   over port 80, so determining the specific traffic is probably deep
>   packet inspection stuff)
> - I do not mind logging stuff so I can see how the traffic is changing
>   over time, but snapshot information is important too
>
> I have some tools that I currently use:
> - Cacti can show me which interfaces are going crazy, but can't tell
>   me specific IPs and cannot tell me much detail about what the
>   traffic is
> - pfSense has a "pfTop" tool that shows me some information about the
>   hoggiest users, but I don't know how to make it tally numbers
> - Wireshark can tell me what is going to a particular machine, but it
>   does not help if a lot of machines are DDOSing my network with small
>   requests
> - There is a proprietary Windows tool called "TCPView" which can show
>   some information about a single machine (including a bit of process
>   information) but has the same kind of limitations as Wireshark
>
> I tried installing ntop on my pfSense box but that did not work too
> well. Is ntop the software I am looking for? Something else?
>
> - Paul
>
> --
> http://pnijjar.freeshell.org
>


It has been on my "to do" list for a long time, but I never got around to it.

Basically, I also want to know what/who is eating bandwidth.

The last time I looked into things, this package for OpenWRT looked useful,
and I was thinking of getting an OpenWRT-supported router and installing it
on it, and there you go.

However, new hardware keeps coming up so fast, and current models that
have discounts on them in the weekly flyers, and all the new features and
horsepower, are seldom supported ...

Here is the package:

http://wiki.openwrt.org/doc/howto/bwmon

P.S. I used ntop on occasion to chase issues with servers being hit by
bots, and indeed it is useful. Not on a router though.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken