Network traffic measurement
In computer networks, network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management.
This page lists software tools that measure use of a network, including excessive use (or abuse) which causes problems for other network users. These tools are aimed at network administrators.
Scope
Only tools which measure network traffic by sniffing the network are included. Some other types of network management tools can use SNMP, WMI or other local agents to measure bandwidth use on individual machines and routers. However, they generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software, such as rogue machines on the network, or machines for which no compatible agent is available.
Only tools which work on both wired and wireless networks are included. For example, [CommView WiFi] is excluded because it only supports WiFi networks.
Criteria
The tools are assessed against the following criteria:
- The operating system or hardware platform that they run on (user interface and packet capture system)
- The type of user interface (web, graphical, console)
- Whether they can show real-time traffic graphs
- Whether they can show total network activity broken down by:
  - local IP address
  - remote IP address
  - port number or protocol
  - logged in user name
- Whether they need to be pre-configured with traffic matching rules to do so
- Whether they support bandwidth quotas
- Whether they support traffic shaping or rate limiting (overlapping with the Network traffic control page)
- Whether they support website blocking and content filtering
- Whether they have alarms to notify the administrator of excessive usage (by IP address or in total)
- The licensing terms (Hardware, Commercial, Shareware, Freeware, Open source)
- The cost
Tools
- [Qosmos] is a hardware device, with a Java user interface. It allows questions to be asked of the network in the same way that SQL is used to query a database. It is therefore used to monitor network and application performance, feed the billing systems of network operators, profile the behaviour of network users, and measure the audience rate of services such as TV over IP.
- 3Com TippingPoint is a hardware firewall and intrusion prevention system which allows individual flows, once matched by firewall rules, to be traffic shaped. It should be able to identify viruses and worms. It is not possible to tell, from the information on their website, whether it helps to identify peer-to-peer traffic or large downloads, or to monitor or manage total network bandwidth. It is sold through dealers and is probably expensive.
- [Bandwidth Controller] runs on Windows, interface unknown. It can show all connections in real time, but probably not totals by IP address and port, nor graphs. It does have traffic shaping, but probably no quotas or alarms. Shareware, $30, free trial for 30 days.
- [BWM Tools] runs on Linux, with a console and configuration file interface. It can graph traffic by IP address or port number, but only using rules which must be defined first, and not by user. It has traffic shaping, but no content filtering, quotas or alarms. Open source.
- Caligare Flow Inspector runs on Linux, with a web interface. It captures packet information from Cisco Netflow devices. It has graphs of total network bandwidth broken down by IP address and by port, but not by user. It does not have traffic shaping, content filtering, quotas or alarms. Commercial, no prices on website, free trial.
- [Crannog NetFlow Tracker] runs on Windows, with a web interface. It captures packet information from Cisco Netflow devices. It has reports and graphs of total network traffic broken down by IP address and port, but not by user. It does not have traffic shaping, content filtering, quotas or alarms. Commercial, no prices on website, free trial.
- [Crannog NetFlow Monitor] is a cut-down version of NetFlow Tracker, which is identical according to the criteria above.
- [ChromeStone NetRegulator] runs on Windows, with a graphical interface. It runs on a single PC rather than a whole network, and graphs bandwidth by application, although not the total bandwidth broken down by application. It has traffic shaping, but no quotas or alarms. Shareware, $25.
- [Colasoft Capsa] runs on Windows, with a graphical interface. It has graphs of network use, broken down by IP address and by protocol, and a list of top ten talkers. It may be able to determine the logged-in user. It does not have traffic shaping, content filtering, quotas or alarms. Commercial, $249, free trial.
- [Crystal Internet Meter] runs on Windows, with a graphical interface. It has real-time graphs of total network use, and history, but no breakdown by IP address, port or user. It does not support shaping, quotas or alarms. Shareware, $30.
- [DeskSoft BWMeter] runs on Windows, with a graphical interface. It has graphs which can break down traffic according to rules, which must be defined first. It does not support content filtering, traffic shaping, quotas or alarms. Shareware, $30.
- [Emerging Technologies Bandwidth Manager] runs on Linux and FreeBSD, or a custom hardware platform. It has a web interface, with graphs of bandwidth by IP address and by protocol, and other reports can be defined. It does not support a breakdown of total bandwidth, nor graphs by logged-in user. It supports traffic shaping, and IP quotas, with different shaping profiles depending on whether IPs are under or over quota. It does not support alarms, although it can notify users when they exceed their quotas. Commercial, $495 for software-only version, free demo.
- [Etherscan Analyser] is a basic packet sniffer, with no graphs, traffic shaping, content filtering, quotas, or alarms. Shareware, $195.
- FireBeast is a software firewall that offers bandwidth management and traffic shaping. I was not able to review it since their website was down (perhaps they managed to reduce their own bandwidth to zero).
- [grofsoft.com Bandwidth Daemon] runs on Windows, with a web interface only. It must be configured manually to monitor specified flows. It has no graphs or drill-down capability. It does not have alarms for excessive bandwidth use. Shareware $25, free trial for 30 days.
- IBM [AURORA] is a Network Performance Profiling System, capable of running on Linux, Free/Net/OpenBSD, Solaris, AIX and Windows, with 32-bit and 64-bit versions on those platforms. It has a web interface and is designed to handle very high flow rates. It creates graphs, reports and in-depth zoom reports. Commercial product available as software or appliance.
- [Inet Shaper] runs on Windows, with graphical and web interfaces. It has [graphs] of individual user activity and total activity, but not total activity broken down by user, port or IP address. It has a client-side agent to allow users to log in to shared PCs, and per-user quotas. It does not have alarms. Shareware $40, free trial for 4 users for 15 days.
- Infosim [StableNet] supports all different network flow technologies such as Netflow, sFlow, jFlow, cFlow or Netstream. StableNet comes in three editions (Entry, Enterprise, Telco) and runs on Windows, Linux and Solaris. The unique differentiating feature of StableNet is its ability for distributed flow collection and distributed preprocessing. This minimizes network management overhead on WAN links, increases scalability and improves reliability.
- [Javvin Network Packet Analyzer] runs on Windows, with a graphical interface. It has graphs of activity by local and remote IP address, and rules can be defined for graphs by port, but it does not support graphs by user, nor traffic shaping, content filtering, quotas, or alarms. Shareware, $249.
- [Link Logger] runs on Windows, with a graphical user interface, and supports Linksys, Netgear, ZyXEL, and Westell routers. It has pie charts of activity by IP address, website and port, but not by logged-in user. It does have content filtering (assuming your router supports it), and may have alarms, but not traffic shaping or quotas. Shareware, $50, free trial for 14 days.
- [ManageEngine Netflow Analyser] runs on Windows, with graphical and web interfaces. It captures packets using Cisco Netflow only. It has reports and pie charts (but not line graphs) of traffic broken down by source or destination IP address and by protocol, but not by logged-in user. It has alarms for total bandwidth use exceeded, but not by IP address, nor quotas, traffic shaping or content filtering. Commercial, free up to 2 interfaces, $795 otherwise.
- [MasterShaper] runs on Linux, with a web interface. It has reports and graphs of total traffic, which can be broken down by IP address and port, but this must be configured using rules. It does not seem to have alarms, but does have traffic shaping. Open source.
- [MetaProducts Net Activity Diagram] runs on Windows, with a graphical interface. It has reports on total traffic, and can report on individual protocols, but these must be defined as rules, and there's no combined graph with a breakdown of anything. It does have alarms when usage exceeds a certain amount, but no traffic shaping, content filtering, or quotas. Shareware, $25.
- [MZL & Novatech TrafficStats] runs on Windows, with a graphical interface. It has reports, but not graphs, by IP address and by port, but not by user. It does not seem to require configuration with rules. It does not seem to have alarms or traffic shaping. Freeware.
- [NetLimiter] runs on Windows, with a graphical interface. It shows network traffic for an individual machine, broken down by application, but not over the network. It has traffic shaping, but does not seem to have quotas or alarms. Shareware, $30.
- [Network Spy] runs on Windows, with a graphical interface. It has graphs of overall network traffic, and can monitor individual IP addresses or ports, but apparently without a combined graph, and rules must be defined in advance. No user names, quotas, or alarms. Commercial, $50/$200, crippled demo.
- [ntop] is a network traffic probe that shows network usage, similar to what the popular top Unix command does. ntop is based on libpcap and has been written portably so that it runs on virtually every Unix platform and on Win32 as well.
- [ObjectPlanet Network Probe] runs on Windows XP/2003/2000/NT, Linux, FreeBSD, MacOS X and Solaris Intel/Sparc, with a web interface. It has graphs of bandwidth by IP address and by port, but not by user, nor traffic shaping, content filtering, quotas or alarms. Commercial, $600, free trial.
- [Packeteer] is a hardware device, with a web user interface. It had graphs of total traffic by protocol; its other features are not known. Hardware, costs $2,400 for 128 kbit link, or $3,200 for 2 Mbit.
- PRTG runs on Windows, with graphical and web interfaces. It captures packets using Cisco Netflow or packet sniffing, or uses SNMP to monitor bandwidth usage. It does not need to be configured with rules. It has graphs by IP address and by protocol (but not by user), and real-time lists of top talkers, top connections, and top protocols (but not top users). Free for up to three sensors, $50 otherwise, free trial.
- [PowerNOC Bandwidth Manager] is a hardware box with bridging and traffic shaping, and a web interface. It supports graphs of up to 500 local IP addresses, and real time speeds of each IP, but not ports or users. The more expensive ISP version has email paging. Hardware, $1500.
- [Sniff'Em] runs on Windows, with a graphical interface. It's a packet sniffer, with no graphs, summaries, traffic shaping, content filtering, or alarms. Commercial, $100-130, crippled demo.
- [SoftPerfect Bandwidth Manager] runs on Windows, with a graphical interface. It measures traffic that matches predefined rules, and supports user quotas. It has graphs of traffic that matches individual rules, but not total activity broken down by user, port or IP address, nor does it have alarms. Shareware, $35/$90.
- [SolarWinds Network Performance Monitor] runs on Windows, with a graphical interface. It measures total traffic, without any breakdowns. It has alarms for utilisation exceeding a certain level, but no traffic shaping, content filtering or quotas. Part of the Engineer's Edition toolkit, commercial, $995, free trial.
- [WinSuperKit] runs on Windows, with a graphical interface. It can "monitor the speed of your network" and "capture, analyze and filter the raw packets of your network". Shareware, $40.
- [XP Cop] runs on Windows, with a graphical interface. It measures total bandwidth used by IP and by user, and supports quotas, but not breakdown by protocol or remote IP. It does have content filtering, but no traffic shaping or alarms. Shareware, $30.
See also
- IP Flow Information Export - IETF work to standardize flow export
- MRTG
- The Netflow page lists devices which generate and applications which analyse Cisco Netflow records
- Network management
- Network monitoring
- Packet sniffer
- Performance management
- Traffic shaping
External links
- [SLAC Network Monitoring Tools], filtered out those tools specifically concerned with network traffic measurement and analysis;
- [FileEdge] lists more tools, mainly for Windows, in a very inconvenient format full of advertising;
- [WinPCAP Remote Capture] and [pktd] might be useful to anyone intending to develop their own tools for network traffic measurement.
From Wikipedia, the Free Encyclopedia.
All text is available under the terms of the GNU Free Documentation License. See Wikipedia Copyrights for details.
