desperately need a "network bandwidth monitoring" utility

Discussion in 'Networking & Security' started by troyquigley, Sep 21, 2006.

  1. troyquigley

    troyquigley Guest

    i need to find a utility that monitors bandwidth used by each workstation.
    so i can see which computers are hitting the server the hardest.
    i really ONLY need it to check bandwidth usage for each workstation. i dont really
    need anything fancy at all. the simpler the better.

    and i want the utility to be installed on only 1 workstation and that being able to watch the bandwidth of all the OTHER workstations. i do not want to install the utility on EVERY workstation.
     
  2. SJConsultant

    SJConsultant 2[H]4U

    Messages:
    3,600
    Joined:
    Jan 14, 2004
    Depending on your needs you have a few options:

    1. Free, simple, quick setup - Use Performance Monitor and add counters on your workstation for each workstation you want to monitor.

    2. Free, involves some setup - Use MRTG or Cacti to poll data from a managed switch that all workstations are connected to. Only requires setup on your workstation and the managed switch.

    3. Free, but involves alot of setup - Use MRTG or Cacti to poll NIC data through SNMP. The hitch here is that you'll have to install and configure SNMP service on each workstation

    4. Paid, involves some setup - Use a paid program like Solarwinds and query SNMP data from workstations.
     
  3. troyquigley

    troyquigley Guest

    i can run performance monitor on a workstation and have it monitor other workstation ?
    i didnt know i could do that. what counters should i look for ?> never really used permon
     
  4. SJConsultant

    SJConsultant 2[H]4U

    Messages:
    3,600
    Joined:
    Jan 14, 2004
    When you add a counter, you should have an option to "Select counters from computer:" you would then type the unc path "\\workstation" .

    From there select Network Interface from the "Performance Object:" and add the counters for incoming, outgoing, total bytes, or whatever you want.

    Note that you need admin priviledges that can authenticate to the remote workstation.
     
  5. troyquigley

    troyquigley Guest

    sweet !
    i will check that out
     
  6. moetop

    moetop [H]ard|Gawd

    Messages:
    1,471
    Joined:
    Apr 8, 2004
    SJ - Does SNMP in your options 1 3 and 4 actually collect data to a specific IP addresses, or overall throughput? I think the OP mentioned "...hitting the server ...." Indicating he wanted the data to only one server.

    Option 2 with a switch that supports RMON / Netflow would probably get more specific data.

    Troy - How long is this needed? Is this a diagnosis type of thing or a more permanent long term monitoring situation? Also what level of detail is needed? i.e. You need to know how much data is transferred specifically between 2 endpoints ?
     
  7. troyquigley

    troyquigley Guest

    i have a problem with one of my servers. i think it might be getting hit with lots of traffic. i need to find out which workstation is doing it.
     
  8. SJConsultant

    SJConsultant 2[H]4U

    Messages:
    3,600
    Joined:
    Jan 14, 2004
    Option 1 - You would be polling data thru WMI and not SNMP for that workstation's network card which can be bytes received, bytes sent, or total bytes. Other counters are available but not relevant.

    Option 3 - Polling data via SNMP polls data specific for each workstation's interface and is generally the same result as using performance monitor.

    If he's looking for which workstation is "hitting" the server then none of the above will work if he just monitors the server's interfaces. A packet sniffer or similiar program would be more appropriate installed on the server.

    Option 4 - Same as 3 except Solarwinds GUI is very intuitive and alot less setup on the OPs part on a workstation.

    Options 1,2,3,4 poll data specific for each individual workstation regardless of IP address assigned.

    If the op monitors just the server, then none of the options will work. The would need to use a packet sniffer or similiar program on the server to give a breakdown of traffic on a per IP address level.
     
  9. Strykar

    Strykar Limp Gawd

    Messages:
    299
    Joined:
    Apr 21, 2005
    PRTG offers pretty much the same functionality as MRTG, but is easier to setup imo. It costs though.
     
  10. moetop

    moetop [H]ard|Gawd

    Messages:
    1,471
    Joined:
    Apr 8, 2004
    That is why I asked, all the options are not source and destination based, so you may notice an individual workstation transferring a lot of data, but if the people do multiple tasks you don’t know what they are transferring to. i.e. someone downloads a large file off of another server, that is not relevant to the issue with the server in question, but might trigger you to investigate.

    You could try and do correlation i.e. use option1 and include the server. When you see the spike on the server you should see a correlating spike on the client.

    I agree a sniffer would get more detail and the new free version of Wildpackets Omnipeek has a "Monitor" mode where you can view node statistics without actually doing a capture. It's an automatically updating window that shows the top data transfers, and you can graph on each individual node. I have used Ethereal for quite a while now, as well as the real "Sniffer" product, and Omnipeek is fast becoming my new favorite for quick and dirty, with a little in depth. It even has some application modeling features.