Questions

Simple Network Traffic Observation

Tags: Security, Software, Networking
0 Votes


support
Ok there's a lot of packet & network analyzers, etc. out there but I am thinking simple here for a first level of observation:

Is there an open source tool out there that can look at network traffic and sort by IP (and select sort column too) so that one can look at the LAN and find out instantly which IP address & therefore which Host is using the most % of total packets sent and/or received. Kind of like the task manager where you can click on the CPU utilization column and then look for the task that's at a given percent.

Some columns would include the following with an option to add or delete columns just like the Windows Task manager:
IP/Host Source with MAC address; Public destination IP & MAC address; Public IP/Host Source & MAC address; Destination IP/Host of Public Host; Percentage of packets sent out of total packets sent; Percentage of packets received out of total packets received.

This would be a time saver over a detailed network packet analyzer, which contains way more information than necessary in the following scenario:
A customer has many nodes on the LAN;
At some point after everyone is finally logged in and working during the day, users may mention that the network is slow, and in fact it is. This tool could be useful for instantly pointing to the hosts with the highest traffic inbound and outbound, and in the case of an attack, one could see the public IP that may either be saturating inbound to the firewall or inbound to a particular host, or a user saturating bandwidth by sending out large amounts of data.

Again, I'm looking for a high level tool, not a packet analyzer. Once the local or remote host is identified, then a packet analyzer may or may not be useful.

Thanks!

Member Answers

    • 0 Votes
      Choppit

      You'll need your traffic to pass through (or be mirrored to) a device supporting/running NetFlow or similar.

      http://en.wikipedia.org/wiki/Netflow
      http://sourceforge.net/directory/os:linux/freshness:recently-updated/?q=netflow
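The kind of "task manager for the LAN" the question asks for, built on top of the flow records the answer above points to. This is an added example, not code from the thread or from any NetFlow tool: it assumes flow records have already been exported by a NetFlow-capable device (or a probe fed from a mirror port) and decoded into (src, dst, packets, bytes) tuples; the records and the LAN prefix below are constructed sample data. MAC columns are left out because plain flow records do not carry them.

```python
"""Top-talker table from flow records (added example, not from the original page).

Assumes flows have already been collected and decoded into tuples; the
SAMPLE_FLOWS and LAN prefix are constructed, not a real capture.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed local subnet

# Constructed sample flow records: (src_ip, dst_ip, packets, bytes)
SAMPLE_FLOWS = [
    ("192.168.1.10", "203.0.113.5", 400, 600_000),
    ("203.0.113.5", "192.168.1.10", 300, 40_000),
    ("192.168.1.20", "198.51.100.7", 100, 12_000),
    ("198.51.100.7", "192.168.1.20", 900, 1_200_000),
    ("192.168.1.30", "192.168.1.10", 50, 5_000),
    ("192.168.1.10", "192.168.1.30", 50, 5_000),
]

COLUMNS = ("pkts_out", "pkts_in", "bytes_out", "bytes_in")


def aggregate(flows, lan=LAN):
    """Per-LAN-host counters. A LAN-to-LAN flow counts for both ends."""
    stats = defaultdict(lambda: {c: 0 for c in COLUMNS})
    for src, dst, pkts, nbytes in flows:
        if ip_address(src) in lan:
            stats[src]["pkts_out"] += pkts
            stats[src]["bytes_out"] += nbytes
        if ip_address(dst) in lan:
            stats[dst]["pkts_in"] += pkts
            stats[dst]["bytes_in"] += nbytes
    return dict(stats)


def top_talkers(flows, sort_by="pkts_out", lan=LAN):
    """Rows of per-host percentages of the LAN total, sorted by the chosen column
    (the 'click the column header' view the question describes)."""
    if sort_by not in COLUMNS:
        raise ValueError(f"unknown column {sort_by!r}")
    stats = aggregate(flows, lan)
    # 'or 1' avoids division by zero when a column is empty
    totals = {c: sum(h[c] for h in stats.values()) or 1 for c in COLUMNS}
    rows = [
        {"host": host, **{c: round(100.0 * h[c] / totals[c], 1) for c in COLUMNS}}
        for host, h in stats.items()
    ]
    rows.sort(key=lambda r: r[sort_by], reverse=True)
    return rows


def top_external_senders(flows, lan=LAN):
    """Public peers ranked by bytes pushed into the LAN: the attack-scenario view
    (which outside address is saturating the firewall or a single host)."""
    inbound = defaultdict(lambda: {"pkts": 0, "bytes": 0})
    for src, dst, pkts, nbytes in flows:
        if ip_address(src) not in lan and ip_address(dst) in lan:
            inbound[src]["pkts"] += pkts
            inbound[src]["bytes"] += nbytes
    return sorted(inbound.items(), key=lambda kv: kv[1]["bytes"], reverse=True)


def render(rows, sort_by="pkts_out"):
    """Plain-text table for a quick look, sorted column marked with '*'."""
    hdr = ["host"] + [("*" if c == sort_by else "") + c + "%" for c in COLUMNS]
    lines = ["  ".join(f"{h:>14}" for h in hdr)]
    for r in rows:
        lines.append("  ".join(f"{str(r[k]):>14}" for k in ("host",) + COLUMNS))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(top_talkers(SAMPLE_FLOWS, "bytes_in"), "bytes_in"))
    print(top_external_senders(SAMPLE_FLOWS))
```

On the constructed data, sorting by bytes_in puts 192.168.1.20 first (a large download from 198.51.100.7), while sorting by packets out puts 192.168.1.10 first; that is exactly the difference between "who is pulling data" and "who is talking the most", and why the sort column needs to be selectable.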

      0 Votes
      robo_dev

      1) Ipswitch WhatsUp Gold
      2) PRTG

      Of course that's not open source, but PRTG will do some things with no license.

      There are some technical hurdles to cross to do all of what you are asking, mainly:

      a) On a switched network, you only see broadcast traffic unless you do port mirroring or use a hub between a switched port and the server or workstation you want to sniff.

      b) At a high level, a lot of what you need can be done with SNMP. The quickest and easiest way to do this is with a vendor utility (some are free like Cisco Network Assistant). It takes more work to setup a third-party SNMP utility like PRTG.
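The SNMP route from point b), worked through as an added example (not code from the thread or from any vendor utility): it takes two polls of a switch's IF-MIB interface counters and turns them into per-port bits per second and percent utilization, sorted so the busiest port (and therefore the host on it) is on top. The poll values, interval and port speeds are constructed; in practice they come from snmpget/snmpwalk of ifInOctets, ifOutOctets and ifSpeed. The one caveat a practitioner wants is counter wrap: a 32-bit octet counter rolls over every few seconds on a fast link, so the delta must allow for it.

```python
"""Per-port utilization from two SNMP IF-MIB counter polls (added example, not from
the original page). POLL1/POLL2/SPEED_BPS are constructed sample data."""

# Constructed: two polls of IF-MIB counters, 60 s apart, keyed by ifIndex.
INTERVAL_S = 60
POLL1 = {
    1: {"ifDescr": "Gi1/0/1", "ifInOctets": 4_294_000_000, "ifOutOctets": 10_000},
    2: {"ifDescr": "Gi1/0/2", "ifInOctets": 500_000, "ifOutOctets": 1_000_000},
}
POLL2 = {
    1: {"ifDescr": "Gi1/0/1", "ifInOctets": 74_032_704, "ifOutOctets": 7_510_000},
    2: {"ifDescr": "Gi1/0/2", "ifInOctets": 38_000_000, "ifOutOctets": 601_000_000},
    3: {"ifDescr": "Gi1/0/3", "ifInOctets": 0, "ifOutOctets": 0},  # came up between polls
}
SPEED_BPS = {1: 100_000_000, 2: 100_000_000, 3: 100_000_000}  # ifSpeed


def counter_delta(old, new, width=32):
    """Difference between two Counter32/Counter64 samples, allowing one wrap.
    Port 1 above wrapped: naive new-old would be negative."""
    if new >= old:
        return new - old
    return (1 << width) - old + new


def max_safe_interval(speed_bps, width=32):
    """Longest poll interval (seconds) before a counter can wrap twice at line rate;
    polling less often than this makes counter_delta ambiguous."""
    return (1 << width) * 8 / speed_bps


def port_utilization(poll1, poll2, interval_s, speed_bps):
    """Rows per port with in/out bps and % of ifSpeed, busiest direction first."""
    rows = []
    for idx, s2 in poll2.items():
        s1 = poll1.get(idx)
        if s1 is None:
            continue  # no baseline for this port yet
        in_bps = 8 * counter_delta(s1["ifInOctets"], s2["ifInOctets"]) / interval_s
        out_bps = 8 * counter_delta(s1["ifOutOctets"], s2["ifOutOctets"]) / interval_s
        speed = speed_bps[idx]
        rows.append({
            "ifIndex": idx,
            "ifDescr": s2["ifDescr"],
            "in_bps": in_bps,
            "out_bps": out_bps,
            "in_pct": round(100.0 * in_bps / speed, 1),
            "out_pct": round(100.0 * out_bps / speed, 1),
        })
    rows.sort(key=lambda r: max(r["in_pct"], r["out_pct"]), reverse=True)
    return rows


if __name__ == "__main__":
    for r in port_utilization(POLL1, POLL2, INTERVAL_S, SPEED_BPS):
        print(f"{r['ifDescr']:>10}  in {r['in_pct']:5.1f}%  out {r['out_pct']:5.1f}%")
    print("max safe 32-bit poll interval at 1 Gbps:",
          round(max_safe_interval(1_000_000_000), 1), "s")
```

The single-wrap correction only holds if the counter cannot roll over twice between polls; at 1 Gbps a 32-bit octet counter wraps in about 34 seconds, so for such links poll the 64-bit ifHCInOctets/ifHCOutOctets columns (pass width=64) or poll more often. A port that is saturated outbound from the switch's point of view is a host receiving heavily, which is the inbound-flood case the question describes.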
