Ok there’s a lot of packet & network analyzers, etc. out there but I am thinking simple here for a first level of observation:
Is there an open source tool out there that can look at network traffic and sort by IP (and select sort column too) so that one can look at the LAN and find out instantly which IP address & therefore which Host is using the most % of total packets sent and/or received? Kind of like the task manager where you can click on the CPU utilization column and then look for the task that’s at a given percent.
Some columns would include the following with an option to add or delete columns just like the Windows Task manager:
IP/Host Source with MAC address; Public destination IP & MAC address; Public IP/Host Source & MAC address; Destination IP/Host of Public Host; Percentage of packets sent out of total packets sent; Percentage of packets received out of total packets received.
This would be a time saver over a detailed network packet analyzer which contains way more information than necessary in the following scenario:
A customer has many nodes on the LAN;
At some point after everyone is finally logged in and working during the day, users may mention that the network is slow and in fact it is. This tool could be useful for instantly pointing to the hosts with the highest traffic inbound and outbound and in the case of an attack, one could see the public IP that may either be saturating inbound to the firewall or inbound to a particular host, or a user saturating bandwidth by sending out large amounts of data.
Again, I’m looking for a high level tool, not a packet analyzer. Once the local or remote host is identified, then a packet analyzer may or may not be useful.
Thanks!
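An added example, not part of the original post and not an existing tool: the per-host tally the question describes (packets sent and received as a percentage of the total, sortable by column), computed from a saved capture. It assumes a classic little-endian pcap of untagged Ethernet/IPv4 frames; the function names, addresses and MACs are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address

def make_pcap(frames):
    """Constructed sample input: a classic little-endian pcap of bare Ethernet+IPv4 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for src_mac, src_ip, dst_ip in frames:
        ip = bytes([0x45]) + bytes(11) + ip_address(src_ip).packed + ip_address(dst_ip).packed
        frame = bytes(6) + bytes.fromhex(src_mac) + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def top_talkers(pcap, sort_by="sent_pct"):
    """Per-host packet counts and share of total, sorted descending by the chosen column."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    sent, recv, macs = Counter(), Counter(), {}
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated frames and anything that is not IPv4 (ARP, IPv6, VLAN-tagged).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        sent[src] += 1
        recv[dst] += 1
        # For an off-LAN source this is the gateway's MAC, not the remote host's.
        macs.setdefault(src, frame[6:12].hex(":"))
    total = sum(sent.values()) or 1
    rows = [{"ip": h, "mac": macs.get(h, "?"), "sent": sent[h], "recv": recv[h],
             "sent_pct": round(100 * sent[h] / total, 1),
             "recv_pct": round(100 * recv[h] / total, 1)}
            for h in set(sent) | set(recv)]
    return sorted(rows, key=lambda r: (r[sort_by], r["ip"]), reverse=True)

# Constructed capture: one LAN host sends 7 of 10 packets to a documentation-range address.
SAMPLE = make_pcap([("02aabbccdd01", "192.168.1.10", "203.0.113.5")] * 7 +
                   [("02aabbccdd02", "192.168.1.20", "192.168.1.1")] * 2 +
                   [("02aabbccddfe", "203.0.113.5", "192.168.1.10")])

if __name__ == "__main__":
    for r in top_talkers(SAMPLE):
        print("{ip:15} {mac:17} sent {sent_pct:5}%  recv {recv_pct:5}%".format(**r))
```

Passing `sort_by="recv_pct"` reorders the same rows by share of packets received, which is the view that surfaces a host or firewall being saturated inbound.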