Log TCP/IP Traffic


Siegfried Reichmann

Hello All,

I would need software to log the internet traffic of each workstation
connected to the local network.

The software should only be installed on one PC connected to the network
and collect the following data:

Logging the Size of outgoing and incoming internet traffic of each
workstation on the local network. One record for each workstation/day
would be fine.

Is this possible?
How to do this?
Can anyone tell me software products for doing this?

Thanks in advance
Siegfried
 
There are several applications that monitor traffic based on configurable
criteria. First, you need a switch that can either have a monitor port
configured, can export statistics using SNMP, or even better - both.
Otherwise all you'll see is broadcasts if you're monitoring by IP address.
Take a look at PRTG if you need an easily configurable Windows application.
It's available in several flavors (free - 1 sensor, about $50 for 25
sensors, about $150 for 100 sensors). It can monitor using SNMP to gather
port usage statistics, plus it'll capture TCP/IP traffic by filtered
criteria (host, network, inbound, outbound, specific ports, etc.). It'll
draw you a series of graphs and can tell you real-time bandwidth consumption
+ keeps stats for up to a year for historical reference. It also can count
total throughput.

If you need something free, look at ntop (Linux). This excellent application
has its own web server and can be configured to only look at specific
traffic via "libpcap" style filters (PRTG uses the WinPcap Windows version).
It doesn't graph everything, but you can run it on several computers with
different filters if you need graphs. It does show tables with the kind of
information you are looking for.

Either app requires a separate NIC in promiscuous mode and a switchport
configured to monitor traffic on the ports you are interested in.

http://www.ntop.org/

http://www.paessler.com/prtg


If you can get by with just SNMP, you can also look at MRTG. Another
excellent free program that will run on Windows (with Perl installed) or
Linux. It's a bit more difficult to tweak than either of the other two, but
well worth the time.

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
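
Added example, not part of the original posts and not code from any of the products named above: a sketch of the "one record per workstation/day" accounting asked for in the question, run over packet records as a capture on a monitor port would supply them. The subnet, the sample records, the function names and the use of UTC for the day boundary are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: the local network is 192.168.1.0/24 (constructed for this example).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records: (epoch seconds, source IP, destination IP, bytes).
SAMPLE_PACKETS = [
    (1700000000, "192.168.1.10", "203.0.113.5", 400),    # upload
    (1700000001, "203.0.113.5", "192.168.1.10", 1500),   # download
    (1700000002, "203.0.113.5", "192.168.1.10", 1500),   # download
    (1700000003, "192.168.1.10", "192.168.1.20", 900),   # LAN to LAN
    (1700000004, "192.168.1.20", "192.168.1.255", 120),  # subnet broadcast
    (1700000005, "192.168.1.20", "224.0.0.251", 80),     # multicast
    (1700000006, "192.168.1.20", "198.51.100.7", 600),   # upload
    (1700007000, "192.168.1.10", "203.0.113.5", 250),    # upload, next UTC day
]

def daily_internet_totals(packets, local_net=LOCAL_NET):
    """Return {(day, workstation_ip): {"out": bytes, "in": bytes}}."""
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    for ts, src, dst, length in packets:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip.is_multicast:
            continue  # never leaves the LAN as internet traffic
        src_local = src_ip in local_net
        dst_local = dst_ip in local_net
        if src_local == dst_local:
            continue  # LAN-only (including broadcast) or neither end is ours
        day = datetime.fromtimestamp(ts, tz=timezone.utc).date().isoformat()
        if src_local:
            totals[(day, src)]["out"] += length
        else:
            totals[(day, dst)]["in"] += length
    return dict(totals)

def report_rows(totals):
    """One CSV-style line per workstation and day, sorted by day then IP."""
    rows = ["day,workstation,bytes_out,bytes_in"]
    for (day, host), t in sorted(totals.items()):
        rows.append(f"{day},{host},{t['out']},{t['in']}")
    return rows

if __name__ == "__main__":
    print("\n".join(report_rows(daily_internet_totals(SAMPLE_PACKETS))))
```

Without a monitor port or a hub, the capturing PC only sees its own traffic plus broadcasts, so every other workstation would show zero here.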
 
Kurt said:
There are several applications that monitor traffic based on configurable
criteria. First, you need a switch that can either have a monitor port
configured, can export statistics using SNMP, or even better - both.
<snip>
.... or a hub
 
Good point, CJT. Yes, a hub that is up to the traffic load will also provide
an insert point to monitor traffic.

....kurt
 