Monitor network traffic on LAN???

brianafischer

Senior member
Apr 6, 2000
225
0
0
I was wondering if anyone knows of a program that can monitor network traffic on a LAN. I have a LAN setup with two 5-port Linksys 10/100 Switches and a Linksys 1-port DSL/Cable router. I would like to monitor all of the traffic that goes through the Linksys Router and my cable modem. If anyone knows of a way to do this, please suggest.

Brian
 

barebottoms

Senior member
Mar 26, 2000
508
0
0
Not on a switch unless you make one of the ports a management port.
Then there is the RMON solution, but that's really expensive.

Once you open up the port to send traffic from every switched port to it, you just use your favorite sniffing utility.

Then with your sniffer attached to the opened port create the filter for what you want to capture.

Since you're trying to capture packets from both gateways, that is a lot of data you'll get. I suggest you be more selective in understanding exactly what it is you want to see.
 

brianafischer

Senior member
Apr 6, 2000
225
0
0
I would just like to see the amount of traffic that is going through the router to the internet. Also, what program would you suggest using as a sniffer?

Brian
 

barebottoms

Senior member
Mar 26, 2000
508
0
0
If you just want to see the amount of traffic,
There is a great thing called SNMP for doing that.
The device, if it supports SNMP, will have a variable to hold
counters. The ones you're interested in are
ifOctetsIn and ifOctetsOut.

Look at MRTG (yes, there is a windows port) that is probably what
you want. As for sniffing programs, I personally only use
tcpdump or snoop on Unix systems. It's free, command line, and works great for all the things I need to do.

If you need winbloze stuff, I've heard the names:
EtherPeek
Net Radar
etc.. etc..

I think they are all in the $1000's of dollars. I haven't
found a single program for winbloze that is nearly as flexible as
tcpdump or snoop yet.
 

Helevitia

Junior Member
May 12, 2000
19
0
0
Everybody is giving you good advice but it is much too complicated. Here is the simple answer:

Download SnifferPro from Network Associates, install it on your PC, plug your PC in the switch where your traffic is located and run SnifferPro, analyze data. Analyzing data is another story though. If you are not familiar with what you are looking at, it can prove to be frustrating. SnifferPro has an excellent help database.

OK, I checked on the availability of SnifferPro and the one for Windows looks like it's a buy only. They do offer SnifferPro as a "try" for NT though. Also, they offer a stripped down version of SnifferPro called NetXray. I've never used it but I hear it does the job. Here is the link:

NetXray trial registration

Dave
 

barebottoms

Senior member
Mar 26, 2000
508
0
0
Good points, but I was just trying to point out that a sniffer
is WAY overkill if all you want is traffic count. Especially if you
have to pay for it. Did I say how much I love tcpdump and snoop?

There seems to be this misconception that a sniffer is a do-it-all; it's not really. Way too cumbersome to do something that simple. I never bring my T-BERD, HP Advisor unless I have to. If all you're doing is polling for traffic count,
snmpget <host> <community> interfaces.ifTable.ifEntry.ifInOctets.1
is all you really need.

"plug your PC in the switch where your traffic is located" this is not exactly right. You can't sniff on a switched port, or full duplex. You can get around a switched port by making the switch send all traffic to that port too. For full duplex, you can't get around that without special hardware.

What I'm saying is not complicated. Using a sniffer to gather usage is. Provided your sniffer can keep up with the load, you'll still have to tally up the size of the packets you've captured, then figure out the time from the deltas.

So in summary, sniffers are troubleshooting tools. Use it for when you need to look at a certain kind of packet, destination, source. Like why are my bootp messages misconfiguring my device...

SNMP is for Simple Network Management.

I'm not trying to take out frustrations on anyone. Just realize that I know a little bit about networking to know that capturing a lot of packets, just to get a bandwidth utilization, is plain silly. Plus the fact that you'd have to open up a port to forward all traffic to it, which will increase the load on your switch. Then if it's a full duplex port...

I wouldn't purposely tell you to use something else if it wasn't the right choice.
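
Added example, not part of the original thread: one way to turn two or more polls of the ifInOctets counter mentioned above into a throughput figure, including the 32-bit counter wrap that a naive subtraction gets wrong. The function names and the sample polls are assumptions constructed for illustration.

```python
# Added example: derive throughput from polled SNMP octet counters.
# ifInOctets is a 32-bit counter, so it rolls over to 0 after 2**32 - 1.
COUNTER32_MOD = 2 ** 32


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, tolerating a single wrap."""
    return (curr - prev) % modulus


def max_poll_interval(link_bps, modulus=COUNTER32_MOD):
    """Seconds a saturated link needs to wrap the counter once.

    Polling slower than this can hide a full wrap, and the delta
    silently under-reports traffic.
    """
    return modulus * 8 / link_bps


def rates(samples, link_bps=None):
    """samples: [(unix_time, counter_value), ...] in poll order."""
    rows = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("poll timestamps must be strictly increasing")
        octets = octet_delta(c0, c1)
        row = {"seconds": dt, "octets": octets,
               "bits_per_sec": octets * 8 / dt}
        if link_bps:
            row["utilization_pct"] = 100 * row["bits_per_sec"] / link_bps
        rows.append(row)
    return rows


# Constructed sample polls, 300 s apart; the counter wraps before the third.
SAMPLE_POLLS = [(0, 4_294_000_000), (300, 4_294_900_000), (600, 832_704)]

if __name__ == "__main__":
    for r in rates(SAMPLE_POLLS, link_bps=10_000_000):
        print(r)
    print("100 Mbit/s wraps every %.0f s" % max_poll_interval(100_000_000))
```

A device reboot also resets the counter to zero and is indistinguishable from a wrap in the counter value alone, so a delta that spans a restart is not trustworthy.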

 

Abednigo

Member
Jul 8, 2000
42
0
0
Using the router is what makes it more difficult to monitor. We have a similar setup except that we used a modem attached to the computer instead of the router. We use the wingate software to share access to the net, it serves as a firewall/proxy, and keeps detailed logs of all access, including sites visited, total bandwidth utilized, etc.
 