Looking for traffic analysis/monitoring tool

I've just installed RRDTool/Cacti on a server and set it up to fetch
interface statistics (via SNMP) from a Linux-based router, and what can
I say; it rocks. However, the available SNMP statistics are a bit limited.

I'd like to see how much traffic is coming from and going to the
different subnets behind the router. I see that Cacti can use scripts to
collect data, and that packets can be classified and counted with
user-defined chains in iptables, but Cacti is not (and can't be)
installed on the router itself.

What is the best way to collect the data, and how do I get it to Cacti?
(Or am I using the wrong tool for the job?)

iftop
sniffit
ntop
ethereal

bye...

In comp.os.linux.networking KR <(E-Mail Removed)>:
> I've just installed RRDTool/Cacti on a server and set it up to fetch
> interface statistics (via SNMP) from a Linux-based router, and what can
> I say; it rocks. However, the available SNMP statistics are a bit limited.

> I'd like to see how much traffic is coming from and going to the
> different subnets behind the router. I see that Cacti can use scripts to
> collect data, and that packets can be classified and counted with
> user-defined chains in iptables, but Cacti is not (and can't be)
> installed on the router itself.

> What is the best way to collect the data, and how do I get it to Cacti?
> (Or am I using the wrong tool for the job?)

While those things can be done with mrtg/rrdtool, it'd be a hell
lot easier if you just run ntop (www.ntop.org) in webmode for
colorful pictures.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 385: Dyslexics retyping hosts file on servers

(E-Mail Removed) wrote:

> iftop
> sniffit
> ntop
> ethereal

As far as I can see, none those can do what I asked. But thanks anyway.

Michael Heiming wrote:
>
> While those things can be done with mrtg/rrdtool, it'd be a hell
> lot easier if you just run ntop (www.ntop.org) in webmode for
> colorful pictures.

I'm a little short on CPU on the router; it has 26 interfaces and
already runs a caching DNS server. But you're right, ntop does display
some really nice graphs.

You can all look into a netflow collector. the onlamp website has a
great tutorial on how to set it up. I think is probably what you are
looking for.

http://www.onlamp.com/pub/a/bsd/2005...ns.html?page=1

BTW, here is another page on the things you can do with flow records:

http://www.onlamp.com/pub/a/bsd/2005...y_Daemons.html

sal paradise wrote:

> BTW, here is another page on the things you can do with flow records:
>
> http://www.onlamp.com/pub/a/bsd/2005...y_Daemons.html

I've had a quick look at the links, and NetFlow seems to be just what
I'm looking for. To my surprise, I also learned that lots of network
equipment (including Cisco routers) can export NetFlow data.