[kwlug-disc] Monitoring network spikes (redux?)

John Miles jmiles242 at gmail.com
Fri Sep 21 21:48:32 EDT 2012


Argus is an interesting tool. It collects data on network
'conversations' or 'flows'.
I've never used it with a nice interface though, it has all been shell
based queries.

John.

On Fri, Sep 21, 2012 at 1:51 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> So our network is going crazy with traffic and I don't know why.
>
> I am looking for some (preferably FLOSS) tool that will be able to
> offer some clues. Overall, I want to answer the question "why is the
> network getting clogged up and what can I do to fix it?"
>
> Ideally I would be able to get pie charts or bar charts for
> things like:
>
> - The IP addresses that are using the most traffic (both source and
>   destination)
> - Ideally, some indication of what that traffic is (but it all goes
>   over port 80, so determining the specific traffic is probably deep
>   packet inspection stuff)
> - I do not mind logging stuff so I can see how the traffic is changing
>   over time, but snapshot information is important too
>
> I have some tools that I currently use:
> - Cacti can show me which interfaces are going crazy, but can't tell
>   me specific IPs and cannot tell me much detail about what the
>   traffic is
> - pfSense has a "pfTop" tool that shows me some information about the
>   hoggiest users, but I don't know how to make it tally numbers
> - Wireshark can tell me what is going to a particular machine, but it
>   does not help if a lot of machines are DDOSing my network with small
>   requests
> - There is a proprietary Windows tool called "TCPView" which can show
>   some information about a single machine (including a bit of process
>   information) but has the same kind of limitations as Wireshark
>
> I tried installing ntop on my pfSense box but that did not work too
> well. Is ntop the software I am looking for? Something else?
>
> - Paul
>
> --
> http://pnijjar.freeshell.org
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org




More information about the kwlug-disc mailing list