Getting a handle on network usage

Sniffing out end-user bandwidth consumption.


I'd like to know your recommendations pertaining to network monitoring software. What type of software would you recommend that allows me to see each workstation's Internet activity? I'm not sure if it's called "sniffing", but what I'm trying to do is locate users who are using most of the router's bandwidth. I also would like to know, through the software, how this user is using the router's bandwidth.
-Anthony Catbagan

There are several ways to do this. The first involves an open-source application called MRTG. This is essentially a Perl script that can interrogate an SNMP-enabled switch. What you end up with after some setup is a web page for each manageable device that tells you, on a per-port basis, what bandwidth is being used. You can generate a summary page per device that allows you to drill down to a port level to identify the bandwidth hog you are in search of. If you aren't as comfortable with getting involved at a low level, another option is a Windows-based package called PRTG.

If you aren't able to watch things at the switch level but have access to the router that connects you to the Internet, look at using the NetFlow protocol supported by most Cisco routers. This is a little more complex than just enabling the SNMP option on a Cisco switch or router, but you'll get a lot more detail than MRTG or PRTG can provide. You can also use a sniffing package such as Wireshark, or a commercial one such as Network General's Sniffer product line.

Another option to consider is Packeteer. This company's wares allow you to do several things: identify who is using the lion's share of the bandwidth, what they are doing, where they are going, and so on. You can also get some of your bandwidth back by throttling, or stopping altogether, services such as the more readily known peer-to-peer software packages and instant messaging clients. Depending on the level of sophistication you want to enable, you can also allow some of these activities to take place after hours, when bandwidth needs may not be as critical.

For more information, our sister site Techworld has a comprehensive network monitoring resource page.
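To make the NetFlow option above concrete, here is an added example (not code from the article or from any product it names) that parses NetFlow version 5 export datagrams and ranks LAN hosts by bytes, with the services each one used. It assumes the router exports version 5 and that the LAN is 192.168.1.0/24; the function names and the sample flows are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter, defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (src, dst, src_port, dst_port, protocol, octets) per flow record."""
    if len(datagram) < HEADER.size or HEADER.unpack_from(datagram)[0] != 5:
        raise ValueError("not a NetFlow v5 export datagram")
    count = HEADER.unpack_from(datagram)[1]
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: record count exceeds payload")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield (ipaddress.IPv4Address(f[0]), ipaddress.IPv4Address(f[1]),
               f[9], f[10], f[13], f[6])

def usage_by_host(datagrams, lan):
    """Rank LAN hosts by bytes, each with its top (protocol, remote port) pairs."""
    lan = ipaddress.ip_network(lan)
    usage = defaultdict(Counter)
    for datagram in datagrams:
        for src, dst, sport, dport, proto, octets in parse_v5(datagram):
            if src in lan:        # upload (or LAN-to-LAN): charge the sender
                usage[str(src)][(proto, dport)] += octets
            elif dst in lan:      # download: the service is the remote source port
                usage[str(dst)][(proto, sport)] += octets
    rows = [(host, sum(c.values()), c.most_common(3)) for host, c in usage.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)

def build_v5(flows):
    """Constructed sample data: pack flows into one v5 export datagram."""
    body = b"".join(
        RECORD.pack(ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed,
                    bytes(4), 0, 0, 1, octets, 0, 0, sp, dp, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, proto, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

SAMPLE = build_v5([  # constructed flows; private and documentation address ranges
    ("192.168.1.20", "203.0.113.5", 51000, 443, 6, 40_000),
    ("203.0.113.5", "192.168.1.20", 443, 51000, 6, 900_000),
    ("192.168.1.31", "198.51.100.9", 6881, 6881, 6, 5_000_000),
    ("198.51.100.9", "192.168.1.31", 6881, 6881, 6, 7_000_000),
    ("192.168.1.20", "198.51.100.53", 40000, 53, 17, 300),
])
if __name__ == "__main__":
    print(usage_by_host([SAMPLE], "192.168.1.0/24"))
```

In practice the datagrams would come from a UDP socket bound to the port the router exports to; protocol numbers 6 and 17 in the output are TCP and UDP.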
