PDA

View Full Version : Monitor Network Traffic (for bandwidth, not censorship!)




turbobass
Apr 15, 2011, 06:00 PM
Hi all,

I have a somewhat complicated office setup with SIP, Internet access, and live video streaming all happening through the same hardware.

I have been looking for ways to easily see a breakdown of the flow of traffic within the office in order to troubleshoot things such as lags in our phone rings and bad packets in our video streams -- and just generally overview the bottlenecks in the network -- but so far have done everything "blind."

This being a :apple: centric forum I thought there might be some kindly network admins who had their **** together and could point me in the direction of the best app or tools to accomplish this. I am definitely a n00b at this...:confused:



hmmfe
Apr 15, 2011, 07:40 PM
Can you explain your environment more? One of the easiest ways to do this is to collect netflow/sflow data from your switch or router. But, you need the hardware that supports this (there are free software analyzers that can view and report on the data). You can also use various software tools to do this but it somewhat depends on how you are setup.

Of course, it would also be helpful to know what sort of information you want to extract.

turbobass
Apr 17, 2011, 02:43 PM
Can you explain your environment more? One of the easiest ways to do this is to collect netflow/sflow data from your switch or router. But, you need the hardware that supports this (there are free software analyzers that can view and report on the data). You can also use various software tools to do this but it somewhat depends on how you are setup.

Of course, it would also be helpful to know what sort of information you want to extract.
Thanks for your reply. It's a small setup, 1 24 port switch connected to router which connects to the building's WAN and then for the local network SIP phones, a wireless router, computers, and some other equipment are connected. I'm particularly interested in finding bottlenecks or conflicts between traffic as my main goal for this is making sure that iour network setup isn't slowing down any of our SIP or video traffic.

hmmfe
Apr 19, 2011, 07:26 PM
What is the make/model of your switch and router? These might support netflow/sflow and would make your job much easier and free.

Here is what I use for spot use of netflow/sflow information...
http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx

So, once I (we) know the devices and their capabilities, we can get specific with some options.

lythium
Apr 20, 2011, 09:12 AM
read: netflow, nbar

You say your router connects to the buildings WAN. does that mean your office suite shares internet with the other offices in the building?

Is your switch capable of vlan'ing? is your router?

vlans should be used, one for data, one for voice, one for video. QoS should be used to give priority to the internet for whats most important. Ethernet hubs should be replaced with switches(theres always one jerk).

sgjohnston
Apr 20, 2011, 09:26 AM
If your switches support sFlow (most decent managed switches do other than Cisco - www.sflow.org (http://www.sflow.org) has a list of equipment that supports sFlow), then you can use free software such as sFlowTrend (http://www.sflowtrend.com) to view traffic flows and volumes.

imzeek2u
May 15, 2011, 09:01 AM
I'm the admin of a mostly Mac network with an Xserve. If you have an old PC or a Windows VM you can dedicate to the task, I'd recommend PRTG:

http://www.paessler.com/prtg/

I use the freeware version, which offers 3 sensors to monitor bandwidth (WAN, Top Talkers, Top Protocols) on our school's network. Works great, was easy to set up and gives me what I need to help troubleshoot the type of things you're experiencing.

You can also get into Lithium (http://lithium5.com/) for $229. Very sweet UI.

You'll need to read the requirements, as the previous post is correct about you needing a switch with a port that can be set as a monitor port (aggregating all switch traffic). This will be the port you'll connect your monitor system to for data collection. So that system also needs at least one available NIC that can be dedicated to the task. In short, it's easiest when the monitor system is dedicated to its purpose to avoid having to create filters to block the collection of data for other processes that may be running on the host that aren't related to your collection requirements. It certainly can be done, but requires a lot more investment of time and trial & error. Hope this makes sense. :)

turbobass
May 15, 2011, 02:00 PM
You say your router connects to the buildings WAN. does that mean your office suite shares internet with the other offices in the building?
Yep.

@imzeek2u, @sgjohnston, @hmmfe

Thank you for your in-depth replies to this thread that I missed, and I am playing catchup to try your suggestions -- the Switch is not a Cisco though it may have some of that functionality in it (being a Linksys) and I am going to look into Xserve, PRTG, Lithium, sFlow.

Belated thanks again.

turbobass
May 18, 2011, 05:12 PM
You can also get into Lithium (http://lithium5.com/) for $229. Very sweet UI.

You'll need to read the requirements, as the previous post is correct about you needing a switch with a port that can be set as a monitor port (aggregating all switch traffic). This will be the port you'll connect your monitor system to for data collection. So that system also needs at least one available NIC that can be dedicated to the task. In short, it's easiest when the monitor system is dedicated to its purpose to avoid having to create filters to block the collection of data for other processes that may be running on the host that aren't related to your collection requirements. It certainly can be done, but requires a lot more investment of time and trial & error. Hope this makes sense. :)
Would you recommend this type of application-specific setup for Lithium, or can it function with it's "Core" and "Console" installed on a workstation that is being used for everything else that user is doing as well?

If not, what would you recommend running Lithium on? If I had my druthers, something as simple and versatile as Lithium would be the way we'd go. I'm trying the trial now but would definitely be interested in running a dedicated machine if it promised better results but don't want to waste the $$ if not...