Looking for an open source real-time network analysis program

Can somebody recommend an open source real-time network analysis program?

What I'm looking for the program to do is display a graph of bandwidth usage by IP within our internal network that can quickly be viewed any time we need to (typically when we want to quickly find out who is utilizing high amounts of bandwidth and slowing down the network).

We ideally simply want to hook up a monitor on the wall of our server room to a system whose NIC will be in permissive mode to log all network activity in a visual manner which can easily be seen and running 24/7.

Prefer open source as I do not have a budget for this project and prefer open source projects in general. I'd also prefer for this to be available for CentOS but any linux distro or Windows OS would be acceptable.

Thanks!

Edit: Also, it can't use SNMP. The gathering needs to be from logfiles or promiscuous mode.


Solution 1:

NTOP is something you might want to consider. It automatically collects a lot of useful information. But it works better if you want to see 'the big picture' and not so great for "I need to know who is slowing down our network exactly this second".

The best tool for 100% real-time info, in my opinion, is tcptrack. It just monitors a given interface and shows connections that use the most bandwidth. I mirror all internet traffic on a switch to a port that is connected to a dedicated NIC on a server running tcptrack. That way I can see precisely which IPs/ports are hogging the bandwidth.
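As an added example, not part of any answer here: the mirror-port-plus-promiscuous-NIC setup above produces raw packets, and the "who is hogging bandwidth right now" question is just bytes summed per source IP. The script below does that summation over `tcpdump -nn -q` style output so you can see the idea behind tcptrack/ntop without either tool installed; the capture lines are constructed sample data, and `eth0` in the comment is an assumed interface name.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn -q -i eth0` output (NOT a real capture).
# tcpdump puts the NIC into promiscuous mode by default, which is what you
# want on the port that receives the switch's mirrored traffic.
SAMPLE='12:00:01.000001 IP 10.0.0.5.443 > 10.0.0.9.51234: tcp 1400
12:00:01.000200 IP 10.0.0.9.51234 > 10.0.0.5.443: tcp 0
12:00:01.000300 IP 10.0.0.7.53 > 10.0.0.9.40000: UDP, length 120
12:00:01.000400 IP 10.0.0.5.443 > 10.0.0.9.51234: tcp 1400
12:00:01.000500 IP 10.0.0.8.22 > 10.0.0.9.50000: tcp 64
12:00:01.000600 IP 10.0.0.5.443 > 10.0.0.9.51234: tcp 1400'

# bytes_per_src: read tcpdump -nn -q lines on stdin and print "bytes ip",
# one line per source IP, largest sender first. Only IPv4 ("IP") lines are
# counted; IPv6 lines start with "IP6" and are skipped.
bytes_per_src() {
    awk '$2 == "IP" {
            src = $3
            sub(/\.[0-9]+$/, "", src)      # drop the ".port" suffix from host.port
            len = $NF
            gsub(/[^0-9]/, "", len)        # last field is the payload length
            bytes[src] += len
        }
        END { for (ip in bytes) printf "%d %s\n", bytes[ip], ip }' | sort -rn
}

# top_talker: the single source IP that sent the most bytes in the sample.
top_talker() {
    printf '%s\n' "$SAMPLE" | bytes_per_src | head -n 1 | awk '{ print $2 }'
}

# Live use on the mirror-port NIC (assumed name eth0), e.g. for 1000 packets:
#   tcpdump -nn -q -i eth0 -c 1000 2>/dev/null | bytes_per_src
top_talker
```

Feeding a real capture through `bytes_per_src` gives a one-shot version of the sorted view tcptrack refreshes continuously; the same per-IP totals are what ntop stores in RRD files for the over-time graphs.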

Solution 2:

Set up your edge switch to mirror traffic to your traffic analysis system or put your system in-line and have it running your enterprise firewall.

Once you do that, you can run a tool like ntop or argus.

Solution 3:

There are a couple out there, most of them based on RRDTool.

  • MRTG
  • cacti
  • OpenNMS

Personally we use Cacti here and love it.


UPDATE: in response to the comments, although I'll leave the above in case someone finds it useful.

A couple of other options.

  • If your router supports it use NetFlow. SolarWinds($) has a good analyzer, and flow-tools is a good open source option.
  • You could try to use something like AdventNet Firewall Analyzer - decent tool for small businesses but doesn't scale that well. (I think this one uses SNMP though, so it might be out.)
  • You could probably get the same type of info out of SNORT, with the added benefit of also having an IDS on the network.

Although I would really try to start working on management and convincing them that SNMP if configured correctly is not insecure at all. SNMP is such a great and powerful tool for a sysadmin.

Solution 4:

If bandwidth usage per IP is what you need, NTOP in promiscuous mode is perfect out of the box. Just install the rrdtool plugin for some nice per-ip bandwidth over time graphs.