General discussion

Locked

Traffic monitoring and traffic blocking

By cprowan ·
What's the best way to find out what kind of traffic is going out (and coming IN) across a T1 or serial link? I need to find out how much of the available bandwidth is being allocated for RealAudio, RealVideo, MP3 downloads, etc. Once this is determined, what's the best way to block RealAudio, RealVideo, and other streaming media without blocking access to applications that utilize UDP ports about 1000??

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Traffic monitoring and traffic blocking

by -Q-240248 In reply to Traffic monitoring and tr ...

No cheapo routers pleez!

If you're using a Cisco router, simple access-lists can be created to block access. You can do more with a Cisco PIX box as well. Debugging IP traffic will allow you to see IP TCP connections to those internet sites. THisis another feature of Cisco. But if you have a lame router, this will do you no good. You'd have to purchase a firewall/PIX.

Collapse -

Traffic monitoring and traffic blocking

by cprowan In reply to Traffic monitoring and tr ...

We have a Pix firewall and use Cisco routers throughout our WAN. I've tried debugging IP traffic and it doesn't give me the info I need in a timely manner.

Collapse -

Traffic monitoring and traffic blocking

by Shanghai Sam In reply to Traffic monitoring and tr ...

One way to get a good look at your utilization is with MRTG and CFLOWD. These programs capture the netflow info out of the Cisco (if supported) and gives you graphs of whatever traffic you specify. Very cool.. very complex to set up. You have to set up MRTG and CFLOWD on a linux box.

The biggest problem you will face is trying to block a specific port that you wish to use with another application. You may be able to change the ports your applications run on which could help too.

Check the following below if you are interested in seeing what you can do with it.

Good luck..

http://ee-staff.ethz.ch/~oetiker/webtools
/mrtg/mrtg.html - for mrtg

www.caida.org - for cflowd

Collapse -

Traffic monitoring and traffic blocking

by cprowan In reply to Traffic monitoring and tr ...

Hi, and thanks for taking the time to reply. I'm familiar with MTRG graphs and use them frequently (someone has taken the time to set up some MTRG graphs on all the THENET serial connections), but I don't know Linux at all. Besides, the graphs only show overall bandwidth utilization and doesn't break it down by application. Thanks anyway...

Collapse -

Traffic monitoring and traffic blocking

by bkduke In reply to Traffic monitoring and tr ...

We have firewalls that log all Internet access. Unfortunately they primarily log connections not effective bandwidth utilization. We have found the best tool for getting a grip on how our bandwidth was really being utilized was a packet shaper / network monitor. The one we decided on was the Packetshaper 2500 from Packeteer (www.packeteer.com). They have models that will only monitor and report on network traffic and others that will also prioritize and shape the traffic according to your policies and directives. The unit is self contained and as close to plug and play as you can get. All you have to do is to assign an IP address to the unit (and you really don't even have to do that) and install the unit inline to your traffic (ie. between your firewall and external router or internal router and your firewall). The unit will immediately start discovering and catagorizing your traffic and making its results available on its web server. The best thing is that you do not even have to describe your traffic as you do with a firewall, ie port 80 is http, port 443 https, port 23 is telnet. It looks at the traffic's protocols, not just the ports being used. We actually had an instance where it was reporting a telnet session ona port other than 23. Sure enough, a user was doing just that! For traffic shaping, the unit works best outside your firewall, immediately before your external router. However this can cause a problem trying to identify internal users if you NATyour internal network.

Collapse -

Traffic monitoring and traffic blocking

by cprowan In reply to Traffic monitoring and tr ...

I have already contaced Packeteer and have a demo in place. You're absolutely right about the "plug and play" aspect. And the graphs are excellent! EXACTLY what I was looking for. Thank you!

Collapse -

Traffic monitoring and traffic blocking

by Mikel~T In reply to Traffic monitoring and tr ...

I believe the best utillity I've seen is surfcontrol superscout. I don't know how large your company is, but with this tool, I can monitor up to 250 users. Where they went, and for how long. I can also block napster's protocols, realplayer's, andwhatever else I want. They have categories built in that you can block: adult, hate group, chat, radio music, etc....

I'm totally pleased with this product...go to www.surfcontrol.com to download a demo copy....you will be totally pleased with the results. You can even create your own rules...if some site is hosting a life telecast of some interview, you can block that site during the time of the interview to keep your users from using up all of your bandwidth...

it is definitely worth looking at.

hope this helps.

Mike

Collapse -

Traffic monitoring and traffic blocking

by cprowan In reply to Traffic monitoring and tr ...

Hi Mike,

I'm familiar with Superscout. I downloaded the trial version and after spending a lot of time tweaking and reinstalling and conversing with their tech support, I found out that it will only filter out MPG, RAM, MP3, etc., files that arelocated in the root directory of the web server. What good is that?? If the webmaster decides to put all his nasty images in a folder named \images, SuperScout won't filter it. Talk about a worthless piece of software . . .

Collapse -

Traffic monitoring and traffic blocking

by b.ververs In reply to Traffic monitoring and tr ...

You definitely should consider Packetshaper from Packeteer (www.packeteer.com). for your problem. Packetshaper can for example block realvideo and other protocols (even Napster traffic). Or you can limit this kind of traffic by shaping it: you can set a policy for example: 100 kbps max. for protocol xyz. within your WAN link. You can even block or limit access to specific urls.
Besides all this, packetshaper is very easy to use (web based GUI) and you get a lot of report possibilities as well.
We really like this product.

Collapse -

Traffic monitoring and traffic blocking

by cprowan In reply to Traffic monitoring and tr ...

We're demo-ing a packetshaper from Packeteer right now. You're right about the reposting aspects. It's a great product.

Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums