Network Traffic Monitoring

monitoring bandwidth traffic

Solution 1:

I'm assuming you have a commercial router/switch, it most likely has SNMP which you can combine with MRTG for a nice traffic graph.

Solution 2:

I think your best bet is going to be a mixture of Cacti and Ntop.

ntop is going to provide you information about the traffic on your network, like the hosts that are consuming the most... what traffic is causing slowdowns, etc...

Cacti is going to give long term trends about your bandwidth consumption so you can tell how you networks traffic has changed over time.

Solution 3:

When you have users reporting 'network issues', the problem could relate to a multitude of issues (routing, switching, host configuration, unicast, multicast, security policy, hardware failure). It's very unlikely that you'll find one piece of software to monitor all your different potential problems.

Instead, focus on two things:

  • Instrumentation: come up with a monitoring strategy that allows you proactively monitor for those faults that occur regularly. See this previous answer for more detail.

  • Troubleshooting: come up with a quick, standard series of tests that you can run to immediately try and isolate where the problem might be, and publish it to your users.

Some example tests:

  • ping your default gateway
  • ping another host on the same subnet
  • ping an off subnet host
  • what kind of packet loss are you getting?
  • do results vary with packet size?
  • can you successfully telnet from the command line to the destination IP/port?

These kinds of simple diagnostics can often point you very quickly in the right direction. Finally, if you can, always get a source IP, a destination IP, and a destination port. Try and educate your users; ambigious complaints like 'the network is slow' can't be easily diagnosed.

Solution 4:

Try MRTG and/or ntop.

Related

Should I expose my Active Directory to the public Internet for remote users?
Is a wildcard CNAME DNS record valid?
How do I log every command executed by a user?
How to force nginx to resolve DNS (of a dynamic hostname) everytime when doing proxy_pass?
How to reduce number of sockets in TIME_WAIT?
Why not block ICMP?
iptables - Target to route packet to specific interface?
REJECT vs DROP when using iptables
What tool do you recommend to track changes on a Linux/Unix server
Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?
Generating a self-signed cert with openssl that works in Chrome 58
Allow SFTP but disallow SSH?