Tools
Various software tools are available to measure network traffic. Some tools measure traffic by sniffing and others use SNMP, WMI or other local agents to measure bandwidth use on individual machines and routers. However, the latter generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software, such as rogue machines on the network, or machines for which no compatible agent is available. In the latter case, inline appliances are preferred. These would generally 'sit' between the LAN and the LAN's exit point, generally the WAN or Internet router, and all packets leaving and entering the network would go through them. In most cases the appliance would operate as a bridge on the network so that it is undetectable by users.
Measurement tools generally have these functions and features:
- user interface (web, graphical, console)
- real-time traffic graphs
- network activity is often reported against pre-configured traffic matching rules to show:
- local IP address
- remote IP address
- port number or protocol
- logged in user name
- bandwidth quotas
- support for traffic shaping or rate limiting (overlapping with the network traffic control page)
- support website blocking and content filtering
- alarms to notify the administrator of excessive usage (by IP address or in total)
Some of the available tools include:
- Exbander Precision by DBAM Syetsms
- FireBeast is a software firewall that offers bandwidth management and traffic shaping.
- Infosim supports all different network flow technologies such as Netflow, sFlow, jFlow, cFlow or Netstream.
- PRTG runs on Windows, with graphical and web interfaces. It captures packets using Cisco Netflow or packet sniffing or uses SNMP to monitor bandwidth usages.
- MRTG
- Sandvine Intelligent Network Solutions measure and manage network traffic using Policy Traffic Switches
- Cricket is a tool originally written for WebTV Networks.
The Netflow article also lists devices which generate and applications which analyse Cisco Netflow records.
RRDtool
RRDtool has a graph function, which presents data from an RRD in a graphical format which is customizable.
RRDtool is a round-robin database tool. It is designed to handle time series data like network bandwidth, temperatures, CPU load etc. The data is stored in round-robin database so that system storage footprint remains constant over time. It also includes tools to extract RRD data in a graphical format. RRDtool was written by Tobi Oetiker as a replacement for MRTG and it is licensed under the GNU GPL.
Multi Router Traffic Grapher
The Multi Router Traffic Grapher or just simply MRTG is free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form. It was originally developed by Tobias Oetiker and Dave Rand to monitor router traffic, but has developed into a tool that can create graphs and statistics for almost anything.MRTG uses the Simple Network Management Protocol (SNMP) to send requests with two object identifiers (OIDs) to a device. The device, which must be SNMP-enabled, will have a management information base (MIBs) to lookup the OID's specified. After collecting the information it will send back the raw data encapsulated in an SNMP protocol. MRTG records this data in a log on the client along with previously recorded data for the device. The software then creates an HTML document from the logs, containing a list of graphs detailing traffic for the selected device.
Paessler Router Traffic Grapher
With PRTG bandwidth usage of a network can be monitored and classified using the three most common bandwidth data acquisition methods:
- SNMP: Reads traffic counters of network devices like switches, routers and servers
- Packet Sniffer: Looks at all data packets traveling through a network using the promiscuous mode and analyzes the network packets to find out the IP addresses, protocols, etc. of the source and target machine
- Netflow: Analyzes Netflow protocol packets used mostly by Cisco routers
Using SNMP not only bandwidth usage but also many other network readings (e.g. CPU usages, disk usages, temperatures) can be monitored using SNMP OIDs.
The usage data is constantly recorded and the historic data can be analyzed e.g. with data tables for usage billing and graphs for trend analysis via a web server interface and in a Windows GUI.
PRTG was originally developed by Dirk Paessler when he discovered how much effort it is to install and configure MRTG on Microsoft Windows systems. More than 100.000 installations are currently active. A freeware version is available.
