Find network hosts that are using up all the bandwidth

Q I work in the IT department of a small hospital. More and more, we have PCs going out into our wards and doctors' areas - all of which have internet access. Some time ago, I installed Squid and DansGuardian and they're working really well. The thing is, our network really isn't very fast - the main hospital still runs on 10MB Ethernet and some of the cabling infrastructure is over 15 years old. Sometimes our network slows down to a crawl, and I think it's because someone out there is downloading a lot of large files (some of the medical PDFs can be huge). Can you recommend any software to monitor the network for me and show me any hosts that are using up all the bandwidth?

A Ntop (www.ntop.org) is a free, portable traffic monitoring tool, and should be your first port of call. Designed to be the network equivalent of top, it collects network metrics and can report on network traffic by interface, protocol and host. Or try MRTG (http://people.ee.ethz.ch/~oetiker/webtools/mrtg), a daemon that generates a visual representation of SNMP variables changing over time and has traditionally been used to graph bandwidth utilisation in and out of an interface. You may have to install an appropriate SNMP daemon if the monitored interface is on a Linux host, while most routers and managed switches have SNMP capabilities that can be enabled.

MRTG becomes very resource-intensive when polling a large number of devices as, by default, it generates all image files every five minutes. However, you can use rrdtool to store the data collected by the polling engine and a third-party CGI script such as 14all.cgi to generate reports only on demand. Finally, Ethereal (www.ethereal.com), a free utility for sniffing, filtering and decoding network traffic, is invaluable for thorough traffic investigations but would be overkill for your everyday monitoring of network usage and capacity planning.
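The calculation behind an MRTG-style bandwidth graph, as an added example that is not part of the original answer or of MRTG's own code: successive readings of an interface's 32-bit SNMP octet counter (`ifInOctets`) are turned into per-interval throughput and utilisation. The function names, the 80% threshold and the sample readings are constructed for illustration; the 10 Mbit/s link speed and five-minute polling interval come from the text above.

```python
# Added example: per-interval throughput from SNMP ifInOctets readings.
COUNTER32_MAX = 2 ** 32      # ifInOctets/ifOutOctets are 32-bit counters
LINK_BPS = 10_000_000        # assumption: 10 Mbit/s Ethernet link


def octet_delta(prev, curr):
    """Octets transferred between two readings, allowing for one wrap.

    A device reboot also resets the counter and is indistinguishable from a
    wrap here, so a spike right after a restart should be treated with care.
    """
    if curr >= prev:
        return curr - prev
    return COUNTER32_MAX - prev + curr


def interval_rates(samples, link_bps=LINK_BPS):
    """samples: (unix_time, counter) pairs in time order.

    Returns (end_time, bits_per_second, utilisation_percent) per interval.
    """
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        elapsed = t1 - t0
        if elapsed <= 0:
            continue  # skip duplicate or out-of-order polls
        bps = octet_delta(c0, c1) * 8 / elapsed
        rates.append((t1, bps, 100.0 * bps / link_bps))
    return rates


def busy_intervals(samples, threshold_pct=80.0, link_bps=LINK_BPS):
    """End times of the intervals at or above the utilisation threshold."""
    return [t for t, _, pct in interval_rates(samples, link_bps)
            if pct >= threshold_pct]


# Constructed readings at five-minute (300 s) polls; the counter wraps
# past 2**32 between the second and third reading.
SAMPLES = [
    (0, 4_000_000_000),
    (300, 4_037_500_000),
    (600, 80_032_704),
    (900, 155_032_704),
]

if __name__ == "__main__":
    for end, bps, pct in interval_rates(SAMPLES):
        print(f"t={end:>4}s  {bps / 1e6:5.2f} Mbit/s  {pct:5.1f}% of link")
    print("saturated intervals ending at:", busy_intervals(SAMPLES))
```

This gives per-interface totals only; attributing the busy interval to a particular host is the per-host reporting the answer attributes to Ntop.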
