I'm looking for tools to monitor network traffic. I'm not looking for a protocol analyzer (sniffer). I already have what I need for packet decodes. (TCPdump, Ethereal, etc.) What I want is something that will give me a protocol breakdown. For example, I already have tools to tell me that traffic levels on a given network are at 20%. I want to get a graph of the breakdown of that traffic. How much of it is http? How much ftp? How much something else?

Any suggestions?

-- The Director

Have I got the perfect (hardware based) tool for you! I've got four of these bad boys and I love them. What you need is Packetshaper by Packeteer (http://www.packeteer.com). They aren't cheap, but they do exactly what your asking for and a lot more. I rely heavily on mine. If you like, I can give you the contact information for the east coast sales engineer (I notice you are in Maryland) he's a hell of a great guy.

Yes, please. I tried going to their site, but it seems to be down, so I'd love the contact info.

I sent you a private message with all the info. Hope it helps! :D


----edit: 6:00 P.M. EST 14 Feb. Packeteer site is back up!

iptraf will do the work for you.. It simply sniffs traffic and gives you some numbers and statistics on the number / type of packets.

http://iptraf.seul.org/

Or of course you could throw together a quick PERL script that stored the stats of TCPdump in a flatfile in any format you want, this way you can generate charts, graphs or stats yourself.

;-)

Loyal.

http://www.lanscan.com/products/prodinfo_lanscannm.htm

although the screen shot on this page dosn't show it the "trends" tab shows you a graph

Have you looked into Multi Traffic Routing Grapher? Or, MRTG. Its not exactly real time like our Getif graphs,and it won't separate protocals, but its a easy way to get started on monitoring and graphing traffic in and out. Just a plan (b).

http://www.snifferpro.co.uk/

i haven't used this, ever, because it won't work with windows 2000 and a modem. but i have seen older versions that have this nifty "rev clock" for viewing bandwidth consumption, but the new version looks great i must say, so i did.

Sniffer Pro is pretty good too, although I still think Packetshaper will be a better fit based on what you originally said you are looking for. Of course, I took a look at iptraf (thanks to this thread) and that is certainly the cheaper solution. Packetshaper also does traffic prioritization, which you didn't mention needing but is a wonderful feature. If you want to take a look at Sniffer or Sniffer Pro, I can give you the contact information for that too. Can you tell I'm in the D.C. area and deal with vendors day in and day out? :)

There used to be a program running around or you could order called Netboy or something like that. It basically created a graph in realtime showing your network computers, their ips, the website or whatever they were connected to, and the protocol it was using at the time. It was a real sweet little tool. Might want to look into that also.

if you want to see real time graphs using rrdtool, remote-local, remote-remote, local-remote, etc... to packet size, ttl, etc.. try using ntop. you could find it at sf.net or ntop.org.

w0rm3y