Network traffic reports

Hi everyone

I need help with something on my school network, and users on another forum in South Africa (where I'm from) were unable to really help me.

I'm trying to find software that can give me a report of protocol usage on my network. I want to be able to take these, add them up, and compare it to the total figure that our ISP supplies online as a daily usage tracker. For example, if it's 500mb, I want to know what amount was POP3, SMTP, HTTP, DNS and so on.

All traffic eventually flows through a Symantec 320 series Gateway firewall. Unfortunately, this thing has no traffic counters or anything like that. Apart from that, it's doint it's job as a firewall brilliantly, so I am not able to replace it with a Linux box or anything.

All the network switches are unmanaged too, so that also doesn't help me.

Our school is on a tight budget, and I don't think I'll be able to get approval to buy some software that they don't know the purpose of, or at least that is not immediately obvious to them.

I tried Ntop for Windows, but it didn't store data, and so turned out to be no good. Tried PRTG Traffic Grapher, and also no good.

I need a program similar to Network Probe by Object Software, but if humanly possible I would prefer free or open source. If I can use it to pull out graphs and reports for senior managment, all the better.

If anyone can help me, I'd appreciate it immensely.

Thank you :)

Wireshark?

Open source windows protocol analyser.

Ben

I'd have said the same - set up wireshark on a linux bo, and set up a mirrored port on your switch.

I'd suggest WireShark also. You set it off 'capturing' packets, and then you can use the statistics menu, got quite a few nifty things that it'll tell you;
It is also able to tell you how much of the traffic was each protocol. It'll tell you percentages aswell as data sizes and a whole lot more!

Have a lookie: http://www.wireshark.org/

Thanks everyone for the replies.

Unfortunately I am unable to set up a mirrored port on any switch, they are all basic unmanaged ones. They were installed years before I got here, so sadly there isn't much I can about that.

As for Wireshark, I have it installed, but now as I try to read the user guide and try to make filters I find myself being lost. How would I write a filter or filters that contains the following?

Outgoing DNS requests, SMTP mail out, HTTP and HTTPS out, and POP3 coming in.

I will read through the documentation and keep trying.

Do you have a hub? You could place a hub between your internet router and your network and then plug your monitoring machine into the hub. Because of the way a hub works, you'll be able to see all the traffic.

Hi, is there a way I can monitor traffic to certain rooms, see how many mp3's are being played etc? also the amount of bandwidth is being used

Thanks

Quote:

---

Originally Posted by FN-Greatermanchester

Hi, is there a way I can monitor traffic to certain rooms, see how many mp3's are being played etc? also the amount of bandwidth is being used

Thanks

---

That'd be worth knowing for me as well.
That way i can see what parts of the network/s are being limited by the uplinks, and where the bottlenecks are.

Yes, I do this with cacti.

http://www.cacti.net/

For it to work you need:

A) Managed switches with SNMP enabled.
B) Know how your network is plugged together (3coms network director can tell you this).

http://www.3com.com/products/en_US/d...se&sku=3C15500

Is there a 'normal' app around anywhere that does the same? Or is it IIS only?

cacti works on LAMP/WAMP/WIMP.

http://www.cacti.net/downloads/docs/...l_windows.html

So no executable variants?:(.