Traffic Measurement Tools

I need to measure incoming and outgoing traffic on a server. I'd like
to have a breakdown in:

- all ethernet traffic
- all tcp traffic
- all udp traffic
- all icmp traffic
- all ip traffic

I've come across mrtg, iptraf and netramet. iptraf worked out of the
box. I haven't gotten mrtg of netramet to work as of yet. What I did
notice was that netramet seems to put the ethernet device being
measured in promiscuous mode, while both mrtg and iptraf don't. I would
think that mrtg or iptraf would miss some (ethernet) traffic this way,
but I could be wrong.

mrtg suggests it produces nice graphs, but I prefer solid measurements
(giving boring data) over cool graphs. netramet seems to be very
extensive, maybe a bit too extensive for my purpose. iptraf works nice,
but I'm afraid (as with mrtg) that it's not measuring all (ethernet)
traffic.

What's the relative appreciation of these different tools?

Thanks,

Miyagi

In comp.os.linux.networking (E-Mail Removed):
> I need to measure incoming and outgoing traffic on a server. I'd like
> to have a breakdown in:

> - all ethernet traffic
> - all tcp traffic
> - all udp traffic
> - all icmp traffic
> - all ip traffic

> I've come across mrtg, iptraf and netramet. iptraf worked out of the
[..]

> mrtg suggests it produces nice graphs, but I prefer solid measurements
> (giving boring data) over cool graphs. netramet seems to be very
> extensive, maybe a bit too extensive for my purpose. iptraf works nice,

Not quite, mrtg3 (aka rrdtool) stores data in its own rrd
databases, which can be easily dumped to text format, it makes
pictures only on demand out of those .rrd files.

> but I'm afraid (as with mrtg) that it's not measuring all (ethernet)
> traffic.

> What's the relative appreciation of these different tools?

I'd suggest to take a look at ntop (http://www.ntop.org/), it's
quite easy to get running and might just do what you are after.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 338: old inkjet cartridges emanate barium-based
fumes

Michael Heiming wrote:
> In comp.os.linux.networking (E-Mail Removed):
> > I need to measure incoming and outgoing traffic on a server. I'd like
> > to have a breakdown in:
>
> > - all ethernet traffic
> > - all tcp traffic
> > - all udp traffic
> > - all icmp traffic
> > - all ip traffic
>
> > I've come across mrtg, iptraf and netramet. iptraf worked out of the
> [..]
>
> > mrtg suggests it produces nice graphs, but I prefer solid measurements
> > (giving boring data) over cool graphs. netramet seems to be very
> > extensive, maybe a bit too extensive for my purpose. iptraf works nice,
>
> Not quite, mrtg3 (aka rrdtool) stores data in its own rrd
> databases, which can be easily dumped to text format, it makes
> pictures only on demand out of those .rrd files.
>
> > but I'm afraid (as with mrtg) that it's not measuring all (ethernet)
> > traffic.
>
> > What's the relative appreciation of these different tools?
>
> I'd suggest to take a look at ntop (http://www.ntop.org/), it's
> quite easy to get running and might just do what you are after.

Looks interesting. I'm running on an x86_64 arch and the system had to
start measuring today. The mrtg binary on my system seems to quietly
fail and there's no ntop x86_64 binary, so for the moment I'm using
iptraf, nothing fancy but at least it's logging.

>
> Good luck

Thanks

Miyagi

>
> --
> Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
> mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
> #bofh excuse 338: old inkjet cartridges emanate barium-based
> fumes

In comp.os.linux.networking (E-Mail Removed):
> Michael Heiming wrote:
>> In comp.os.linux.networking (E-Mail Removed):
>> > I need to measure incoming and outgoing traffic on a server. I'd like
>> > to have a breakdown in:
[..]

>> I'd suggest to take a look at ntop (http://www.ntop.org/), it's
>> quite easy to get running and might just do what you are after.

> Looks interesting. I'm running on an x86_64 arch and the system had to
> start measuring today. The mrtg binary on my system seems to quietly
> fail and there's no ntop x86_64 binary, so for the moment I'm using
> iptraf, nothing fancy but at least it's logging.

Interesting, though you don't say what distro you are running a
short search reveals ntop*x86_64* packages for quite a few, so it
seems like you didn't looks that hard or just had bad luck, in
any case you can compile ntop from source.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 53: Little hamster in running wheel had coronary;
waiting for replacement to be Fedexed from Wyoming

Michael Heiming wrote:
> In comp.os.linux.networking (E-Mail Removed):
> > Michael Heiming wrote:
> >> In comp.os.linux.networking (E-Mail Removed):
> >> > I need to measure incoming and outgoing traffic on a server. I'd like
> >> > to have a breakdown in:
> [..]
>
> >> I'd suggest to take a look at ntop (http://www.ntop.org/), it's
> >> quite easy to get running and might just do what you are after.
>
> > Looks interesting. I'm running on an x86_64 arch and the system had to
> > start measuring today. The mrtg binary on my system seems to quietly
> > fail and there's no ntop x86_64 binary, so for the moment I'm using
> > iptraf, nothing fancy but at least it's logging.
>
> Interesting, though you don't say what distro you are running a
> short search reveals ntop*x86_64* packages for quite a few, so it
> seems like you didn't looks that hard or just had bad luck, in
> any case you can compile ntop from source.

distro is fc5. I didn't look any further than the ntop site. Now that
iptraf is running I can quietly compile ntop and have a look.

Thanks,

Miyagi

>
> --
> Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
> mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
> #bofh excuse 53: Little hamster in running wheel had coronary;
> waiting for replacement to be Fedexed from Wyoming

Michael Heiming wrote:
> In comp.os.linux.networking (E-Mail Removed):
> > I need to measure incoming and outgoing traffic on a server. I'd like
> > to have a breakdown in:
>
> > - all ethernet traffic
> > - all tcp traffic
> > - all udp traffic
> > - all icmp traffic
> > - all ip traffic
>
> > I've come across mrtg, iptraf and netramet. iptraf worked out of the
> [..]
>
> > mrtg suggests it produces nice graphs, but I prefer solid measurements
> > (giving boring data) over cool graphs. netramet seems to be very
> > extensive, maybe a bit too extensive for my purpose. iptraf works nice,
>
> Not quite, mrtg3 (aka rrdtool) stores data in its own rrd
> databases, which can be easily dumped to text format, it makes
> pictures only on demand out of those .rrd files.
>
> > but I'm afraid (as with mrtg) that it's not measuring all (ethernet)
> > traffic.
>
> > What's the relative appreciation of these different tools?
>
> I'd suggest to take a look at ntop (http://www.ntop.org/), it's
> quite easy to get running and might just do what you are after.

I've downloaded from ntop cvs, configured and started to compile. The
package wants all kinds of graphics libraries which my system doesn't
have. On this system I just want something that logs traffic. I'll do
fancy graphics on another system but ntop (seems to) require the host
which runs the traffic meter to also support the graphics capabilities
of ntop.

Thanks,

Miyagi

>
> Good luck
>
> --
> Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
> mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
> #bofh excuse 338: old inkjet cartridges emanate barium-based
> fumes

In comp.os.linux.networking (E-Mail Removed):
> Michael Heiming wrote:
>> In comp.os.linux.networking (E-Mail Removed):
[..]

>> I'd suggest to take a look at ntop (http://www.ntop.org/), it's
>> quite easy to get running and might just do what you are after.

> I've downloaded from ntop cvs, configured and started to compile. The
> package wants all kinds of graphics libraries which my system doesn't
> have. On this system I just want something that logs traffic. I'll do
> fancy graphics on another system but ntop (seems to) require the host
> which runs the traffic meter to also support the graphics capabilities
> of ntop.

Perhaps to build, running doesn't seem to need that much unusual
stuff:

$ rpm -qR ntop
/bin/bash
/bin/sh
/sbin/chkconfig
/sbin/ldconfig
config(ntop) = 3.2-1.el3.rf
libc.so.6
libc.so.6(GLIBC_2.0)
libc.so.6(GLIBC_2.1)
libc.so.6(GLIBC_2.1.3)
libc.so.6(GLIBC_2.2)
libc.so.6(GLIBC_2.3)
libc.so.6(GLIBC_2.3.2)
libcrypt.so.1
libcrypt.so.1(GLIBC_2.0)
libcrypto.so.4
libgd.so.1.8
libgdbm.so.2
libglib-1.2.so.0
libm.so.6
libmyrrd-3.2.so
libnsl.so.1
libntop-3.2.so
libntopreport-3.2.so
libpcap.so.0.6.2
libpng12.so.0
libpthread.so.0
libpthread.so.0(GLIBC_2.0)
libpthread.so.0(GLIBC_2.1)
libpthread.so.0(GLIBC_2.3.2)
libresolv.so.2
libssl.so.4
libxml2.so.2
libz.so.1
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1

Though you need "libpng" to run, I'd suggest compiling the
package somewhere else and then installing it.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 300: Digital Manipulator exceeding velocity
parameters