2

I'm attempting to monitor the bandwidth usage on our network. I've come across two products that seem to fulfil our needs, MRTG and nTop; however, I'm unsure which to use.

My work is a small company of about 10 people. We have a standard 4-port ADSL2 router that connects to a (Netgear) gigabit switch that gets used by our staff. DHCP is on the router itself, and we have a designated fileserver/NAS that is running (currently) Linux Ubuntu 8.04 LTS.

If I wanted to monitor usage of traffic, can I install either on the Linux box (others are Windows) and use SNMP to monitor the traffic, or do I need to set up another box which will be our DHCP and have that monitoring the usage? How do they analyse traffic otherwise?

Leah Calum

5 Answers

1

It depends on what your router supports. If your router only supports SNMP, you have to use MRTG. This will give you a graph of the bandwidth used.

If your router supports Netflow then nTop is a better solution because you will get a graph of the bandwidth and be able to see details of the traffic. So you can know that computer A has downloaded N MB from website B and so on.

Dennis Williamson
radius
1

Personally I prefer cacti over MRTG. Cacti can do more than just switch/firewall port activity straight out of the box and scales a little better.

The advantage of nTop is that nTop can conceivably help you drill into network bumps and help you answer the question of "what is that?" You don't necessarily need netflows to make nTop work; it will be quite happy listening to a port mirror/monitor/RPA of the firewall's and working from that.

Personally I like something a little more robust than nTop. I use an fprobe/nfdump/nfsen setup (my setup notes). It lets you store the flows for a period of time, so you can go back after the fact and run more detailed analysis of the traffic for interesting periods.

David Mackintosh
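An added example, not part of any answer on this page: a sketch of the after-the-fact analysis that stored flow records allow, answering "which computer downloaded how much from where" for one time window. The record layout, the addresses and the `192.168.1.0/24` office subnet are constructed assumptions; this is not nfdump's output format or API.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not real captures, not nfdump output):
# (flow start time, source IP, destination IP, bytes transferred)
FLOWS = [
    ("2024-01-15 09:00:05", "203.0.113.10", "192.168.1.21", 48_000_000),
    ("2024-01-15 09:02:40", "192.168.1.21", "203.0.113.10", 1_200_000),
    ("2024-01-15 09:03:10", "198.51.100.7", "192.168.1.34", 5_500_000),
    ("2024-01-15 09:04:00", "192.168.1.21", "192.168.1.34", 700_000),
    ("2024-01-15 09:04:55", "203.0.113.10", "192.168.1.21", 52_000_000),
    ("2024-01-15 09:20:00", "198.51.100.7", "192.168.1.34", 900_000_000),
]
LAN = ip_network("192.168.1.0/24")  # assumed office subnet
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def downloads_in_window(flows, start, end, lan=LAN):
    """Rank (internal host, external peer) pairs by bytes downloaded.

    Only flows that start in [start, end) and travel from an external
    source to an internal destination are counted; uploads and
    LAN-to-LAN traffic are skipped.
    """
    t0 = datetime.strptime(start, TIME_FMT)
    t1 = datetime.strptime(end, TIME_FMT)
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        if not (t0 <= datetime.strptime(ts, TIME_FMT) < t1):
            continue
        if ip_address(dst) in lan and ip_address(src) not in lan:
            totals[(dst, src)] += nbytes
    # Largest consumers first
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    window = ("2024-01-15 09:00:00", "2024-01-15 09:10:00")
    for (host, peer), nbytes in downloads_in_window(FLOWS, *window):
        print(f"{host} downloaded {nbytes / 1e6:.1f} MB from {peer}")
```

An SNMP interface counter polled over the same window would yield only the combined byte total, with no host or peer attached.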
1

For my small office environment I dropped a small hub between the firewall and the interior switch(es). I installed ntop on a CentOS Linux machine which, in my case, is a VMware server client with its own "dedicated" NIC. The CentOS box connects to the hub and can easily see all the traffic to and from the firewall. No netflow necessary, nor was there any need to change the network or replace any gear.

When I'm not monitoring I can just pull the hub out of the mix.

Chris_K
0

If you have a manageable switch, you can set up a mirroring port for monitoring purposes. With an internet monitoring program connected to the mirroring port, you can monitor and record all internet usage and bandwidth usage. Products I would recommend: 1. "WFilter Enterprise" 2. "Websense"

wfbla
0

Since your network is switched, traffic between hosts will be confined to the path between them. In other words, your network monitoring device won't see it.

To solve this, your switches need to be able to mirror all traffic passing through towards a monitoring port. This way you can route a copy of all data to your monitoring device that runs ntop. If you're using basic switches this may be a problem.

Martijn Heemels