
Reporting on Bandwidth Usage and Other Metrics

If you have ever been in a position to request approval to upgrade your Internet bandwidth, one of the first questions that often comes up is, "What are we using the bandwidth for now?" You don't want to have to admit you don't have any idea. In these cases, some type of reporting mechanism on network traffic would come in really handy. Or maybe the Internet responsiveness is slow because your Internet connection is being saturated and you want to know what it's being used for. A report based on the protocols and ports being used would do the job nicely.

There are administrative uses for traffic statistics, but where does security fit in? Maybe the entire network has come to a crawl and you need to know why... fast. There are a lot of ways to determine the cause, but a nice graph showing that a particular workstation is generating all the traffic could help. If your reports clearly showed that a particular workstation is uploading large amounts of data over a file sharing network, there could definitely be security implications. When it comes down to it, there are a number of metrics that could be useful for administering and securing your network.

There are many commercial products to provide various levels of insight into your network data flows. There are also a large number of products, both commercial and free, to collect more-focused pieces of data (such as Web server statistics). The following list provides a brief summary of some of the best general-purpose free offerings, with additional instructions on how to install and configure the products provided later in the tutorial.

  • Multi Router Traffic Grapher (MRTG): When it comes to generic network statistics using free software, MRTG is one of the most widely used. You can download it for free from http://oss.oetiker.ch/mrtg/. It will run on Unix/Linux, Windows, or NetWare systems and is incorporated into many third-party applications. It derives its figures and graphs from Simple Network Management Protocol (SNMP) information, so you will need to support SNMP on your devices to use MRTG or figure out some other means to get MRTG the data it needs. We will discuss SNMP concepts in more detail in the next section, so feel free to jump ahead if you are not comfortable with SNMP. MRTG uses Perl (www.perl.org) on the back end for the real work, which is freely available and easy to install.
  • MZL & Novatech TrafficStatistic: TrafficStatistic (www.trafficstatistic.com) works a little differently than MRTG does; it gathers its data by sniffing all the network traffic. As with an IDS, placement within the network is crucial for traffic analyzers that work this way if you are to collect the data you want to see. In a small environment, this should not be too difficult. TrafficStatistic offers only very minimal reporting data, consisting of total throughput (in, out, and combined), top-10 talkers (in, out, combined), and top-10 protocols (in, out, combined). If you need anything more than that, you can pay for additional plug-ins. Some of the plug-ins are rather affordable. You can download the free version from www.trafficstatistic.com/pages/basemodules.html. TrafficStatistic might be a good option if you want something that's very easy to install and get running and only provides the most basic of reporting data.
  • PRTG Traffic Grapher: This is probably the best free offering available at the time of this writing based on functionality and ease of use. You can download the free version from www.paessler.com/download/prtg. PRTG Traffic Grapher is one of the more versatile offerings and can extract statistical data from the NetFlow protocol, SNMP, and traffic sniffing. The setup is pretty painless and the graphs are well constructed by default. The limitation for the free version is that you can collect data from only three sensors, which is generous and will probably be plenty for a small environment.
  • ntop: Ntop (www.ntop.org) is a very powerful Web-based utility to analyze network traffic. You can run ntop on FreeBSD, Linux, Solaris, SGI IRIX, AIX, and Microsoft Windows systems. Ntop does not natively include alarm and notification mechanisms; its sole purpose is the collection and reporting of traffic statistics, which it does very well. The level of detail offered by ntop exceeds that of any other utility reviewed here. Ntop is also completely free, with no restrictions or limitations.
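
The top-talker and protocol/port reports described above can be sketched in a few lines of Python. This is an added example, not code from the original tutorial or from any of the tools listed; the flow-record layout, the addresses, and the 50% threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records (not from the original page):
# (source IP, destination IP, protocol, destination port, bytes).
# All addresses are documentation ranges; 192.0.2.0/24 stands in for the LAN.
LAN = ipaddress.ip_network("192.0.2.0/24")
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", "tcp", 443, 120_000),
    ("192.0.2.11", "198.51.100.5", "tcp", 443, 95_000),
    ("192.0.2.12", "203.0.113.7", "tcp", 6881, 4_800_000),
    ("192.0.2.12", "203.0.113.9", "tcp", 6881, 3_900_000),
    ("192.0.2.10", "198.51.100.53", "udp", 53, 4_000),
    ("198.51.100.5", "192.0.2.10", "tcp", 443, 2_500_000),  # inbound reply
    ("192.0.2.11", "198.51.100.25", "tcp", 25, 60_000),
]

def outbound(flows, lan=LAN):
    """Yield only flows leaving the LAN (internal source, external destination)."""
    for src, dst, proto, port, nbytes in flows:
        if ipaddress.ip_address(src) in lan and ipaddress.ip_address(dst) not in lan:
            yield src, proto, port, nbytes

def top_talkers(flows, n=10):
    """Top-n internal hosts by bytes sent out of the LAN."""
    totals = Counter()
    for src, _proto, _port, nbytes in outbound(flows):
        totals[src] += nbytes
    return totals.most_common(n)

def top_services(flows, n=10):
    """Top-n protocol/port pairs by outbound bytes."""
    totals = Counter()
    for _src, proto, port, nbytes in outbound(flows):
        totals[f"{proto}/{port}"] += nbytes
    return totals.most_common(n)

def dominant_uploaders(flows, share=0.5):
    """Hosts responsible for more than `share` of all outbound bytes."""
    talkers = top_talkers(flows, n=None)
    total = sum(nbytes for _host, nbytes in talkers)
    if total == 0:  # no outbound traffic in this reporting window
        return []
    return [(h, round(b / total, 3)) for h, b in talkers if b / total > share]

if __name__ == "__main__":
    print("Top talkers:", top_talkers(SAMPLE_FLOWS))
    print("Top services:", top_services(SAMPLE_FLOWS))
    print("Dominant uploaders:", dominant_uploaders(SAMPLE_FLOWS))
```

In the constructed data, one workstation accounts for nearly all outbound bytes on a single port, which is the kind of pattern the reports are meant to surface for follow-up.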