Tools for Monitoring Network Bandwidth Usage

10ulises

Sep 24, 2014
Does anyone know of any tools that can be used to monitor network bandwidth usage including what type of sites are being visited or what is being downloaded? I know that you can use a third party firmware like DD-WRT to monitor the amount on certain routers but does anyone know of anything beyond that?

Thanks.
 
There are many but all require some device in the path to intercept and analyze the data. There is no software based platform that can see what another device is doing, that is essential to how internet security works. There are piles of software you can load on a client that will analyze what that one machine is doing.

Once you are willing to place hardware in the path there are many solutions. Some are simple reports based on Wireshark captures and others filter and monitor traffic on a live basis. Many firewalls and proxy servers have very extensive reporting.

It is going to depend on the level of data you want. Simple utilization reports and lists of sites can be obtained from things like NetFlow that even DD-WRT can generate. When you need to know for example what exact files were downloaded a proxy tends to be your best option since it tends to keep more detailed logs. Still on a large connection you get massive amounts of data which makes it hard to find things unless you really know what you are looking for.
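As an added illustration of the proxy-log reporting described in the post above (not code from the thread), the following Python sketch totals bytes per client and lists the largest downloads. It assumes the proxy writes Squid's native `access.log` layout; the sample lines, addresses and host names are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines, assumed to follow Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1421850000.101    812 192.168.1.10 TCP_MISS/200 734003200 GET http://mirror.example.org/isos/distro.iso - HIER_DIRECT/203.0.113.5 application/octet-stream
1421850003.450     95 192.168.1.20 TCP_MISS/200 18432 GET http://news.example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1421850010.020    130 192.168.1.20 TCP_TUNNEL/200 5242880 CONNECT video.example.net:443 - HIER_DIRECT/198.51.100.9 -
1421850011.000      2 192.168.1.10 TCP_DENIED/403 3900 GET http://blocked.example.com/ - HIER_NONE/- text/html
garbage line that should be skipped
"""

def summarize(log_text, top=3):
    """Return (bytes per client, largest transfers as (bytes, client, host, path))."""
    per_client = defaultdict(int)
    transfers = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[4].isdigit():
            continue                      # malformed or truncated line
        client, result, size, method, url = f[2], f[3], int(f[4]), f[5], f[6]
        if result.startswith("TCP_DENIED"):
            continue                      # error page served by the proxy, not a download
        per_client[client] += size
        if method == "CONNECT":
            # HTTPS tunnel: the log holds only host:port, so the file path is unknown
            host, path = url.rsplit(":", 1)[0], None
        else:
            parts = urlsplit(url)
            host, path = parts.hostname, parts.path
        transfers.append((size, client, host, path))
    transfers.sort(key=lambda t: t[0], reverse=True)
    return dict(per_client), transfers[:top]

TOTALS, LARGEST = summarize(SAMPLE_LOG)
for size, client, host, path in LARGEST:
    print(f"{size:>12} {client:<14} {host}{path or ' (tunnelled, path not logged)'}")
```

For tunnelled HTTPS the log still attributes the byte count to a client and a site, but the exact file is only visible for plain HTTP requests.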
 

barryherne

Jul 15, 2013
There are many tools on the market and they vary in price and features that they have. I use Anturis http://www.anturis.com , which is a cloud based tool with all in one character i.e. you can monitor not only the network, but websites, servers etc. The tool has an agent which monitors everything in the network and doesn't influence the network itself. The price is affordable and the tech support great.
 

PacketChaser

Nov 15, 2014
As Bill mentioned, if you are trying to monitor the traffic of others, you need to sample it between the modem and any switches you may have, including one that may be built into the modem and in use. There are ways around that. If you are just monitoring your own usage to see where it's going, then any of the many packages out there to do so should work. You can probably find something on SourceForge that will log the traffic, at least by IP address, and show the amount of data transferred.

If you are monitoring others' usage, you need to eliminate any switches before your monitoring computer. You can go in-line/active or OOB (out of band) passive. Depending how you are set up now and what you have lying around, either will cost a little money. Each has its own advantages. So you have a modem of some sort, a box that converts the Internet signal from your provider to Ethernet that your computers can recognize, wired and/or wireless.

At some point, internal to the modem, or externally with your switch (maybe a wireless box with a switch built in), the data is "switched out," meaning it is only sent down the path to the device it is being sent to. So after the switch, the data is not sent all over the network, it is only sent to the next switch, router or to the computer for which it is intended. This is a problem for network monitoring, because you can not "see" all the traffic at any point past the switch. [[To be accurate, there are a couple of exceptions, multicast or broadcast traffic, but it is of little interest for monitoring outside traffic. Multicast goes to some or all, rarely used, and broadcast goes everywhere, used all the time, often 10 to 30% of your local network traffic.]]

Software cannot directly reach out and see the traffic that has been switched out and not available to your computer. So you can not directly monitor the traffic downstream from a switch. You can use SNMP and get information from the computers that you are wanting to monitor. Free Spiceworks does just that, and you can gain a lot of information about who's doing what. I don't have SNMP turned on on my client computers because I am on a large network and don't want the bandwidth used for something I can find out by other means. Spiceworks is well supported and has its own community. This is the only free option I am aware of, should be fairly easy, as long as you can get on all the computers with admin rights and follow their directions to turn on SNMP or install their agent. There is a bandwidth usage report, so I am sure it is supported. You could also find and install some sort of nannyware on each computer to see what they are up to.

First, for OOB or in-line, if you have a wireless device built into the modem, turn it off. If you are using it, that will need replaced. Not expensive. You can replace it with a cheap WAP or an old modem/router with wireless (you will just not use the Internet/WAN input). If it has a switch and you have multiple computers, printer, etc plugged into that, you will need to stop using all but one connection. That can be replaced with a cheap switch, new or used, or if you also use wireless, the old modem with wireless and a switch should replace both. A switch if you are all wired is just a plug in and go thing. Wireless router, see: http://www.tomshardware.com/forum/33700-42-ultimate-modem-router-setup-thread Unless you are heavy on your internal network traffic (gaming between your computers, or you have a "server" streaming video), you only need the speed to be about as fast as your Internet connection. In fact, if you are after someone who's hogging up the connection, you may want to throttle them back by using a device that's slower than your network connection.

OOB:

Advantages are you can use your own computer without it getting too busy doing the monitoring and filtering. If your computer is away from the Internet/modem, it can stay there and you won't need to run more wires if it's already wired. You need to buy a hub for this option (assuming you don't have an enterprise type managed switch). They should be cheap used. They look and act like a switch, but they echo all traffic in any port out all the other ports, not switching out the traffic. They are not commonly used today, especially not for home networking. When things were expensive, they were common at home as a cheap alternative to a switch. So you plug the hub into the modem, so in addition to internet, that is the only connection to the modem, then plug your computer into the hub, and you will be able to see all traffic to and from the internet. At this point, you are the only one on the internet, so you want to either plug the others into the hub as well, or into a switch, WAP or old wireless router as described above.

[Diagram: passive_zpsde832ee7.png]


In-line, advantage is, with the right software, you can control what goes in and out, filtering. You can also throttle back the connection to everyone but you (evil grin). It will likely make the computer pretty busy, and it would be best to use another computer for the task, not your computer. Linux is very well suited for this. You need an old computer with two NICs (network cards), and you use it in-line instead of the hub. Since you don't use the hub, you will need to get a switch, WAP or old wireless device after the computer.

[Diagram: active_zps6ba0604b.png]


If you are willing to do the work and learn, you can probably swing it for $50 to $150, depending what you have and what you need to buy.

As for software, I'll leave that up to you. It all depends on how simple or granular you want it to be, if you want to buy it, or if you want freeware. Linux tends to have no strings attached for free stuff, sometimes, you will find it is incomplete, but there is plenty of ripe Linux software out there. Windows software usually, with some exceptions, tends to have strings attached, expire, have features disabled, or cost money. Money is no guarantee of function in the payware world! If you get software going that only gives you an IP address rather than a website URL (http://blabla.bla), you can just identify the high traffic IPs, google "whois IP" and look up the information there by typing in the IP address.

Keep this between you and me, because if users know they are being watched, they can get on a proxy site and you won't be able to see where they are going on the web. Of course, if you are in-line, just block the proxy site :D

Enjoy the adventure.
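As an added example of logging traffic by IP address from the monitoring position described in the post above (not code from the thread), this Python sketch reads a capture and totals Internet bytes per LAN host and per remote IP. It assumes a classic little-endian pcap file with Ethernet frames and a 192.168.1.0/24 LAN; the capture is constructed inline by the hypothetical `build_pcap` helper.

```python
import ipaddress
import struct
from collections import Counter

def build_pcap(packets):
    """Constructed test input: classic pcap bytes from (src, dst, ip_total_len) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)  # linktype 1 = Ethernet
    for ts, (src, dst, ip_len) in enumerate(packets):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip       # headers only, as with a short snaplen
        out += struct.pack("<IIII", ts, 0, len(frame), 14 + ip_len) + frame
    return out

def usage_by_ip(pcap, lan="192.168.1.0/24"):
    """Return (bytes per LAN host, bytes per remote IP) for Internet traffic only."""
    lan = ipaddress.ip_network(lan)
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    hosts, remotes = Counter(), Counter()
    off = 24                                       # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not plain IPv4 (ARP, IPv6, VLAN tag) or cut short
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if (src in lan) == (dst in lan):
            continue                               # LAN-to-LAN (incl. subnet broadcast): not Internet usage
        host, remote = (src, dst) if src in lan else (dst, src)
        hosts[str(host)] += orig_len               # orig_len is the size on the wire
        remotes[str(remote)] += orig_len
    return hosts, remotes

SAMPLE = build_pcap([("192.168.1.10", "203.0.113.5", 1500),
                     ("203.0.113.5", "192.168.1.10", 1500),
                     ("192.168.1.20", "198.51.100.7", 40),
                     ("192.168.1.10", "192.168.1.20", 100),
                     ("203.0.113.5", "192.168.1.20", 1000)])
HOSTS, REMOTES = usage_by_ip(SAMPLE)
print(HOSTS.most_common(), REMOTES.most_common())
```

The remote addresses at the top of the second counter are the ones to look up with whois, as the post suggests.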
 

USAFRet

My home network is similar to the second diagram from PacketChaser. A small, old, slow PC running a Linux firewall, in between the internal devices and the outside world. $50 on craigslist.

It sits in the corner and does its thing.
 
Solution

traffichaser

Jan 21, 2015
You should also check out www.sparrowIQ.com, an easy to use, easy to understand bandwidth monitoring and network traffic analysis software. Developed specifically for SMBs - doesn't rely on NetFlow (although has this capability) and VERY affordable.