Topic: Network Monitoring (Read 2427 times)
|
Morfiend
Terracotta Army
Posts: 6009
wants a greif tittle
|
So, recently my network at work has been acting really funky. In an effort to try and track it down, I was looking for some kind of network monitoring tool. Something that will record or display what type of traffic is going on around my network, and out into the net. I have a feeling one or two people might be hogging bandwidth a little bit.
The catch is that our network is almost all OS X, so I need either a Unix app, or an OS X app. Preferably one that is user friendly or easy to read.
Does anyone have any ideas about something like that?
|
|
|
|
Lantyssa
Terracotta Army
Posts: 20848
|
I've used Wireshark with some success.
|
Hahahaha! I'm really good at this!
|
|
|
Salamok
Terracotta Army
Posts: 2803
|
OS shouldn't matter in the sense that network traffic is fairly agnostic, but it does matter in the sense that Linux seems to have more libs available when it comes to monitoring network traffic. 1st step is setting up one of your ports on the switch to trap or mirror all the traffic, otherwise you will only see traffic that is broadcast and/or specifically routed to the machine you are using. It has been a real long time since I have done this and the traffic analyzer I used isn't even available anymore (I think it was called net eye). I think maybe this has morphed into eEye's Iris over the last decade or so.
|
|
|
|
Trippy
Administrator
Posts: 23657
|
|
|
|
|
Salamok
Terracotta Army
Posts: 2803
|
Ah yes, Ethereal was what I was thinking of; the net eye was a funky webcam. Alternatively, if your switch is decent you can have it just send you logs.
edit: or if you think it is malware calling home you can have the router send you logs.
|
|
« Last Edit: April 24, 2009, 09:14:32 PM by Salamok »
|
|
|
|
|
fuser
Terracotta Army
Posts: 1572
|
Wireshark/Ethereal is awesome for your purpose (although use Wireshark where development is stopped on Ethereal and it's exploited to heck and back). BT4 as a "tool" is good for identifying any network related issues, it's a live CD and will have Wireshark ready to go on supported hardware. Flip side is you can start to scan for exploits and auditing the network.
|
|
« Last Edit: April 24, 2009, 09:42:29 PM by fuser »
|
|
|
|
|
lac
Terracotta Army
Posts: 1657
|
CACE Pilot is a great tool to visualise and interpret your Wireshark logs. Unfortunately it isn't free, but maybe there is an open-source equivalent out there that allows you to translate your sniffing logs into pretty graphs that tell you exactly who is doing what and how much bandwidth it consumes. edit: they have a trial that will run for a month or so, that should be enough to tell you what's happening.
|
|
« Last Edit: April 26, 2009, 10:56:55 AM by lac »
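As an added example (not part of any post in this thread), here is a minimal way to turn a saved capture into a per-host bandwidth tally. It assumes the capture was saved in classic pcap format (not pcapng) on an Ethernet link and carries IPv4 traffic; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def top_talkers(pcap: bytes) -> list:
    """Return [(source IPv4, bytes on the wire), ...], heaviest sender first."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":      # magic 0xa1b2c3d4, little-endian file
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":    # same magic, big-endian file
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals = Counter()
    offset = 24                              # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip truncated frames and anything that is not plain IPv4 (ARP, IPv6, VLAN)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(str(b) for b in frame[26:30])   # IPv4 source address
        totals[src] += orig_len              # original length, even if the frame was snapped
    return totals.most_common()

def make_frame(src, dst, payload_len, ethertype=b"\x08\x00"):
    """Constructed Ethernet + IPv4 frame with zeroed MACs, checksum and payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + ethertype + ip + b"\x00" * payload_len

def build_sample() -> bytes:
    """Constructed capture: one heavy host, one light host, one non-IPv4 frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [make_frame((192, 168, 1, 10), (203, 0, 113, 5), 1400),
              make_frame((192, 168, 1, 11), (203, 0, 113, 5), 60),
              make_frame((192, 168, 1, 10), (203, 0, 113, 5), 1400),
              make_frame((192, 168, 1, 12), (192, 168, 1, 1), 8, b"\x08\x06")]
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE_PCAP = build_sample()

if __name__ == "__main__":
    for host, nbytes in top_talkers(SAMPLE_PCAP):
        print(f"{host:15} {nbytes:>8} bytes")
```

Only traffic that actually reaches the capturing interface is counted, so the mirror-port or hub placement discussed in the thread decides what this tally can see.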
|
|
|
|
|
Numtini
Terracotta Army
Posts: 7675
|
I've used Ethereal as well. It's not that hostile considering it's free. Our big problem is we have cheap dumb switches which makes finding a point to monitor a pita.
|
If you can read this, you're on a board populated by misogynist assholes.
|
|
|
Salamok
Terracotta Army
Posts: 2803
|
I've used Ethereal as well. It's not that hostile considering it's free. Our big problem is we have cheap dumb switches which makes finding a point to monitor a pita.
Throw a cheap dumb hub between your router and your switch and monitor that. It won't give you all the network traffic but it will give you all the internet traffic.
|
|
|
|
justdave
Terracotta Army
Posts: 462
|
Wireshark is pretty much a must-have, but for this kind of unattended characterization, Ntop is more gooder. And I would presume it'll either configure and build under OSX or it would be in one of those port trees (Fink, etc.). EDIT: Yeppers - "Unix (including Linux, *BSD, Solaris, and MacOSX)"
|
|
« Last Edit: April 27, 2009, 10:50:38 AM by justdave »
|
|
"They started to resist with a crust that was welded with human brain and willpower."
|
|
|
Morfiend
Terracotta Army
Posts: 6009
wants a greif tittle
|
Thanks gang, I'm going to try out a few of those once I get my new router up and going.