Bandwidth Monitoring

Monitoring usage of network bandwidth can be a simple enough task where a single PC is used on a cable modem connection, tools like DU Meter, NetstatLive or even Windows Network Monitor can all be used to collect statistics for the number of packets sent and received by the PC, as well the number of bytes. Where a more detailed view of a network is required however, most of these tools cannot be used to monitor other devices on the network due to the fact that they are only concerned with data appearing at the PC that is running the application.

Of those tools that can monitor other devices there can be added hinderence where switches are employed on the network as these will prevent any monitor (or network analyzer, for that matter) from being able to collect the correct network statistics due to the way switches operate when compared to hubs. Whereas a device connected to a hub is able to 'see' all of the network traffic passing through the hub, a switch will only allow that device to see broadcasts of other devices connected to it.

Consider the following network, where PC1 connects directly to a Switch/Router device, such as a Linksys BEFRS41 or Netgear RP114, whilst PC2 and PC3 are connected to the router via a hub. If a monitor were placed on PC1, it would not be able to collect any data from PCs 2 and 3. On the other hand, were a monitor placed on either PC2 or PC3, then this would be able to monitor the traffic flow of both PC2 and PC3 but not PC1.

Network Monitor

In this type of scenario one solution is to install a traffic monitor on each host although this tends to get unwieldy and expensive, assuming the paying of multiple licenses, although some tools are freeware, most are not. It may also require a certain amount of co-operation from the users of the other PCs! It is also worth bearing in mind that a monitor on a PC connected to a LAN will also register traffic flowing to machines on the LAN. IOW, it will show all data transmitted and received by that PC and not just Internet Traffic.

Some Monitors to consider for single PC use:

  • Du Meter
  • Netstat Live
  • Bandwidth Monitor
  • Bandwidth Daemon (30 Day Trial)

    A nice little program that allows you to view a PC's stats in real time, over the network, via a web browser.

  • TrafMeter (30 Day Trial)

    Trafmeter differs from the previous offerings in that, in a non-switched network, it can be used to monitor the traffic of other devices and not just the one it is loaded on. It can also log different types of traffic, such as http or pop3, so it is possible to generate quite comprehensive statistics about network utilization.

  • Look@Lan

    A very good LAN monitor that will monitor machines both by ping and snmp, if supported.

  • NetLimiter

    An excellent utility that shows what applications are using the bandwidth, plus the facility to limit that bandwidth.

  • NetMeter

    Another excellent utility monitors total bandwidth and provides history of both download and upload.

  • BMExtreme

    One limitation with the majority of network monitors is that they cannot differentiate between what is Internet traffic and what is traffic on the local LAN. The Home version of BMExtreme, however, has a useful option that can exclude LAN traffic from the generated statistics.

Note: All of the above are Windows-based applications. Unix users may find the ifconfig command a useful utility but for a complete view of your network ntop is probably the most comprehensive tool available for bandwidth monitoring.

Grahame Cooper has suggested a simple but effective way to use ifconfig by adding the following line to your crontab file:

0 * * * * echo "`date`: `/sbin/ifconfig eth1 | grep 'RX bytes:'`" >> /var/log/eth1_traffic.log

This will run ifconfig every hour and and paste the interface statistics to the file eth1_traffic.log. Note, if you want to generate the file for eth0 you will obviously need to change eth1 to eth0 in the above.

The result of this looks similar to this:

Tue Feb 18 12:00:00 GMT 2003:           RX bytes:939706047 (896.1 Mb)	TX bytes:244715056 (233.3 Mb)

SNMP

Another way of monitoring the usage on the network is to use a network protocol called SNMP, or Simple Network Management Protocol. SNMP is generally used to manage network devices from a central management station, and whilst it is usually a service provided on devices such as routers or hubs, it can also be used with PCs that have an SNMP service running. SNMP does not necessarily need to be used just for management and can be used to gather interface statistics for a device that allows it. One particular application that is designed to do exactly this is MRTG (Multi Router Traffic Grapher).

MRTG skirts round the issue of switched networks as it relies on the SNMP service being available on the device it is configured to graph rather than requiring any particular network topology. It is not concerned with extracting the data direct from the network, but takes it direct from a devices' own interface statistics, so there is no restriction as to where a host resides in relation to the MRTG station. If MRTG can make a connection via SNMP and parse the devices' statistics, it will generate usage graphs for that device.

The following diagram shows a possible deployment of MRTG, where the MRTG station can be running Linux, Solaris, BSD or Windows NT/2000/XP, and the possible devices that it can graph. Note that not all cable modems, routers, hubs or PCs have the SNMP service enabled so the devices shown are for illustration purposes only.

Monitoring with SNMP

The easiest device that MRTG can be set to poll is any SNMP-enabled router that is installed on the network. This will allow MRTG to, at least, produce statistics of the data usage of the router's WAN connection, i.e., the total amount of traffic sent and received to the Internet, but some routers will also record per interface stats, so graphs of individual PC usage can also be generated. Not all routers support SNMP, so you will need to check the specifications of your particular router to see if it is supported. The Linksys BEFSR41 definately does NOT!

A slightly more complicated device for MRTG to interrogate is the cable modem itself. Each cable modem on NTL's network has it's own IP address. This address is a privately assigned address on a completely different IP subnet to the connected device and normally cannot be seen by the connected device so some manipulation of the attached device's routing tables are necessary so that the MRTG station may connect to the modem's SNMP service.

Another option is to use MRTG to monitor the devices on the LAN. This requires that the devices support SNMP, and it may mean that an additional service needs to be installed so that a PC can respond to SNMP polls from MRTG. For Windows 2000/XP systems the SNMP service can be added via the Add/Remove Programs utility in Control Panel, and for Linux systems the snmpd daemon is required.

A similar utility to MRTG is PRTG. PRTG is a Windows only utility that, like MRTG, polls SNMP devices and produces graphs of the utilization of that device. PRTG is purchaseable software although a free version is available that can be used to monitor one device which would be either a router or Cable Modem.


© Nig's Net Written using the Bluefish HTML Editor on RedHat 9.0.

All Copyrights and Trademarks ACK'd. Not to do so would be a SYN!