Network Traffic Monitoring

Started by shovandas, November 27, 2013, 03:55:25 PM

shovandas

Hi Team,

I required a Network Monitoring Tool (Open Source) and finally, looking at the documentation and slick setup instructions of NetXMS, I have preferred to evaluate this software. But having a Network Monitoring Software in place, our first criteria is to monitor the network traffic over LAN AND content (Internet traffic such as Email, Internet Download & Internet Upload) moving to and fro over the internet from the LAN through a Proxy Server which works as a gateway to access the internet from the LAN.

As I am new to this tool, I want to know if my basic requirement can be fulfilled with this software or not if I set up this NetXMS server at our proxy server; then I'll prefer to explore further. I can understand that it may not be OTB and requires configuration.

Please help me find the direction.

Thanks
Shovan

Iliyan Vutov

This could be easily achieved via SNMP. If you're running Linux you can set up network counters in NetFilter like:
# WEB Traffic
iptables -I FORWARD -s $localnet -d 0/0 -p tcp --dport 80
iptables -I FORWARD -s 0/0 -d $localnet -p tcp --dport 80


After that you can see something like (for the purpose of example I'm using INPUT chain):

root@green:~# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 1265 packets, 181K bytes)
pkts bytes target     prot opt in     out     source               destination         
  170 30091            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
root@green:~#


With a little help from AWK you can make a script that will get the bytes value:

Create a file.sh and put that command in it. After that, extend your SNMP functionality by adding a line like this in snmpd.conf:

extend webtraf  /bin/sh /path/to/file.sh

Don't forget to restart your snmpd. Then call snmpwalk:

snmpwalk -v 2c -c community IP.ADD.RE.SS iso.3.6.1.4.1.8072.1.3.2.4.1.2

It should return something similar to

iso.3.6.1.4.1.8072.1.3.2.4.1.2.7.119.101.98.116.114.97.102.1 = STRING: "313K"

And voila - this is the web traffic counter. After that you can easily create a DCI with SNMP and put this OID to get the value.
I hope you've got the idea :-)
I guess there are other ways of getting that traffic but I can't think of any right now.

Cheers,
Iliyan
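
The counter-extraction step described in the reply above, as an added example that is not part of the original post: it sums the bytes column of every rule matching one destination port and prints an exact integer, where the abbreviated form such as 313K is rounded. The function names `sum_port_bytes` and `sample_listing` are hypothetical, the sample listing is constructed, and the K/M/G/T suffixes are assumed to be decimal multiples.

```shell
#!/bin/sh
# Added example: sum the byte counters of the iptables rules that match one
# TCP destination port. Reads `iptables -L <chain> -n -v [-x]` on stdin.

# sum_port_bytes PORT  (hypothetical helper name)
sum_port_bytes() {
    awk -v port="$1" '
        # Counter to number: plain digits, or abbreviated with K/M/G/T.
        # Assumption: the suffixes are decimal (K = 1000).
        function to_bytes(s,    u) {
            u = substr(s, length(s), 1)
            if (u == "K") return (s + 0) * 1e3
            if (u == "M") return (s + 0) * 1e6
            if (u == "G") return (s + 0) * 1e9
            if (u == "T") return (s + 0) * 1e12
            return s + 0
        }
        # Rule lines start with the packet counter; header lines do not.
        $1 ~ /^[0-9]+[KMGT]?$/ {
            # Compare whole tokens so that port 80 does not match dpt:8080.
            for (i = 3; i <= NF; i++)
                if ($i == ("dpt:" port)) { total += to_bytes($2); break }
        }
        # %.0f rather than %d: counters pass 2^31 and some awks clamp %d.
        END { printf "%.0f\n", total }
    '
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 1265 packets, 181K bytes)
 pkts bytes target     prot opt in     out     source               destination
  170 30091            tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80
  210  313K            tcp  --  *      *       0.0.0.0/0            192.168.1.0/24       tcp dpt:80
   12  4096            tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:8080
EOF
}

# On the gateway, file.sh would feed live counters instead:
#   iptables -L FORWARD -n -v -x | sum_port_bytes 80
sample_listing | sum_port_bytes 80
```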