After using my ubuntu server as a gateway for about a week, I am keen to see what sort of traffic my users are viewing and to see how much of the network bandwidth is being utilised.
A couple of things that I kept in mind while searching for the perfect monitoring tools:
- Easy to use
- Easy to configure
- Capability to reuse output (with the grand plan to consolidate a few network monitors into a single web interface)
Here’s a couple of interesting applications that I have found along the way:
NOTE Keep in mind that most applications require their data collection to be over a long period of time in order to get the most benefit. The screenshots provided here may not show all available features of the listed products
EtherApe
Provides a graph of the current network traffic. Useful for showing the IPs and servers that devices are hitting. Good thing about this is that it works straight out of the box
sudo apt-get install etherape sudo etherape
Image may be NSFW.
Clik here to view.
A couple of handy changes to the default preferences (File -> Preferences):
- Make the network nodes easier to see – Set Size Mode to Logarithmic. Otherwise, network nodes with the most traffic will appear larger (extremely larger!)
- Modify the Node and Link Timeout settings in the Timing tab. This will allow network nodes to “timeout” and disappear from the graph, leaving only those that are most recent.
DarkStat
Provides some bandwidth-monitoring, and can also show which hosts are requesting the most traffic – all via a web interface. Graphs provide real-time summaries in last minute, hour, day and month.
sudo apt-get install darkstat libpcap-dev sudo darkstat --no-daemon -i eth0 -b `hostname`
The web interface can be viewed by navigating to http://localhost:667:
Image may be NSFW.
Clik here to view.
Darkstat can be setup to run as a service, by editing the default configuration file /etc/darkstat/init.cfg. The most important change to make to this file, is START_DARKSTAT="yes". Then start the service by running
sudo /etc/init.d/darkstat restart
iftop
iftop is for networks, what top is for processes. By running this application, you can get an overview of bandwidth usage for a pair of hosts.
sudo apt-get install iftop sudo iftop
Screen-scraping the output from this application could be a little harder than those previously mentioned.
vnstat
Provides bandwidth statistics for multiple network adaptors and an easy to read summary for terminal windows. Best of all, it works straight out-of-the-box!
sudo apt-get install vnstat vnstat
There is also a vnstat web interface that uses the vnstat database to generate charts and easier to read summaries. Perform the following to get vnstat web interface up and running:
sudo apt-get install apache2 php5 php5-gd wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz tar xvf vnstat_php_frontend-1.5.1.tar.gz mv vnstat_php_frontend-1.5.1 /var/www/vnstat
The only thing I had to do after this was modify $language to 'en', and $iface_list (as appropriate) within the configuration file - /var/www/vnstat/config.php - and then should be ready to go!
Image may be NSFW.
Clik here to view.
ntop
Provides a great insight into the network, by being able to view the type of traffic, bandwidth, hosts, load and more….
sudo apt-get install ntop
By default, ntop provides its web interface on http://localhost:3000. There is a plethora of graphs and charts, most of yet I have had time to explore.
Image may be NSFW.
Clik here to view.
The above list is a number of networking tools that can provide the network administrator a guide as to what is happening on his/her computer network. Tune back for more details…