Network traffic measurement
Encyclopedia
In computer networks, network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management
.
and others use SNMP
, WMI
or other local agents to measure bandwidth use on individual machines and routers. However, the latter generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software
, such as rogue machines on the network, or machines for which no compatible agent is available. In the latter case, inline appliances are preferred. These would generally 'sit' between the LAN and the LAN's exit point, generally the WAN or Internet router, and all packets leaving and entering the network would go through them. In most cases the appliance would operate as a bridge on the network so that it is undetectable by users.
The Netflow
article also lists devices which generate and applications which analyse Cisco Netflow records.
Bandwidth management
Bandwidth management is the process of measuring and controlling the communications on a network link, to avoid filling the link to capacity or overfilling the link, which would result in network congestion and poor performance of the network.- Management :Bandwidth management mechanisms may be...
.
Tools
Various software tools are available to measure network traffic. Some tools measure traffic by sniffingPacket sniffer
A packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...
and others use SNMP
Simple Network Management Protocol
Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor...
, WMI
Windows Management Instrumentation
Windows Management Instrumentation is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification...
or other local agents to measure bandwidth use on individual machines and routers. However, the latter generally do not detect the type of traffic, nor do they work for machines which are not running the necessary agent software
Software agent
In computer science, a software agent is a piece of software that acts for a user or other program in a relationship of agency, which derives from the Latin agere : an agreement to act on one's behalf...
, such as rogue machines on the network, or machines for which no compatible agent is available. In the latter case, inline appliances are preferred. These would generally 'sit' between the LAN and the LAN's exit point, generally the WAN or Internet router, and all packets leaving and entering the network would go through them. In most cases the appliance would operate as a bridge on the network so that it is undetectable by users.
Functions and features
Measurement tools generally have these functions and features:- User interface (web, graphical, console)
- Real-time traffic graphs
- Network activity is often reported against pre-configured traffic matching rules to show:
- Local IP address
- Remote IP address
- Port number or protocol
- Logged in user name
- Bandwidth quotas
- Support for traffic shapingTraffic shapingTraffic shaping is the control of computer network traffic in order to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of packets by delaying other kinds of packets that meet certain criteria...
or rate limitingRate limitingIn computer networks, rate limiting is used to control the rate of traffic sent or received on a network interface. Traffic that is less than or equal to the specified rate is sent, whereas traffic that exceeds the rate is dropped or delayed...
(overlapping with the network traffic controlNetwork traffic controlIn computer networking, network traffic control is the process of managing, prioritising, controlling or reducing the network traffic, particularly Internet bandwidth, used by network administrators, to reduce congestion, latency and packet loss. This is part of bandwidth management...
page) - Support website blocking and content filteringContent filteringContent filtering is the technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria. It is most widely used on the internet to filter email and web access.- Content filtering of email :...
- Alarms to notify the administrator of excessive usage (by IP address or in total)
Some available tools
Some of the available tools include:- ArgusAudit Record Generation and Utilization SystemAudit Record Generation and Utilization System is a fixed-model real-time flow monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream, doing that by that categorizing IP packets which match the Boolean expression into a...
processes packets into detailed network flow audit data for operations, performance and security management. - Cacti allows a user to poll services at predetermined intervals and graph the resulting data.
- cFosSpeedCFosSpeedcFosSpeed is a software solution for traffic shaping for theWindows operating system. It improves Internetlatency while maintaining high transfer rates.The program attaches itself as a device driver to the Windows...
performs traffic classification and lets the user display, shapeTraffic shapingTraffic shaping is the control of computer network traffic in order to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of packets by delaying other kinds of packets that meet certain criteria...
, tagDifferentiated servicesDifferentiated Services or DiffServ is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying and managing network traffic and providing Quality of Service on modern IP networks...
or rate-limit protocols or programs under Windows. - FlowMonFlowMonFlowMon probe is an appliance for monitoring and reporting information of IP flows in high-speed computer networks. The probe is being developed by Liberouter team within the scope of CESNET research plan Optical National Research Network and its New Applications, research activity 602 -...
is a complete solution for NetFlowNetflowNetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. NetFlow has become an industry standard for traffic monitoring and is supported by platforms other than Cisco IOS and NXOS such as Juniper routers, Enterasys Switches, vNetworking in version 5 of...
monitoring and analyzis including probes up to 10 Gbit/s, collectors and other supervision systems. - InterMapperInterMapperInterMapper is a cross-platform network monitoring program distributed by Dartware, LLC. The current version of InterMapper is written in Java, and comes with a variety of network probes based on ping, SNMP, [] and other network protocols used to monitor the state of networked devices and servers....
Originally developed for the Macintosh Classic in 1994 by the network manger of Dartmouth CollegeDartmouth CollegeDartmouth College is a private, Ivy League university in Hanover, New Hampshire, United States. The institution comprises a liberal arts college, Dartmouth Medical School, Thayer School of Engineering, and the Tuck School of Business, as well as 19 graduate programs in the arts and sciences...
this application uses SNMP, Ping and Netflow to build a graphical network map similar to HP Openview which shows bandwidth usage by port information and protocol. VLAN aware. Supported platforms: MacOS X, Linux and Windows. - LiveActionActionPacked! NetworksActionPacked! Networks is a developer of intelligent network management software and network analysis tools.The company sells downloadable software products that aid Network Administrators in designing, configuring, monitoring, and troubleshooting Cisco networks...
provides real-time routing layer visualizations that allow the user to see and troubleshoot routes and implement policy-based routing. - MRTGMulti Router Traffic GrapherThe Multi Router Traffic Grapher, or just simply MRTG, is free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form....
. - NetLimiterNetLimiterNetLimiter is client-side traffic shaping and monitoring software for the Windows operating system. Unlike most traffic-shaping utilities, which are based on centrally managed hardware, NetLimiter is a software-only solution...
is a traffic monitoring and shaping software for Windows. - OmniPeekOmniPeekOmniPeek is a packet analyzer software tool from WildPackets Inc.. It is used for network troubleshooting and protocol analysis. It supports a plugin API.- History :...
is an end-to-end network monitoring solution, offering support for many packet adapters and remote collectors. - ObserviumObserviumObservium is a PHP/MySQL-based Network Observation and Monitoring System which collects data from devices using SNMP and presents it via a web interface. It makes heavy use of the RRDtool package. Observium has a number of simple core design goals driving its development: minimum interaction,...
is an autodiscovering network monitoring application focusing on extensive data collection and graphing of network infrastructure. - PRTGPaessler Router Traffic GrapherPaessler Router Traffic Grapher is a network monitoring and bandwidth usage software for Microsoft Windows by Paessler AG. It can monitor and classify bandwidth usage in a network using SNMP, Packet Sniffing and Netflow...
runs on Windows, with graphical and web interfaces. It captures packets using Cisco NetflowNetflowNetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. NetFlow has become an industry standard for traffic monitoring and is supported by platforms other than Cisco IOS and NXOS such as Juniper routers, Enterasys Switches, vNetworking in version 5 of...
or packet sniffingPacket snifferA packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...
or uses SNMP to monitor bandwidth usages. - Wireshark (Ethereal) network packet logger, visualizer, inspector, some analyses.
- PacketTrapPacketTrapPacketTrap provides network management and traffic analysis software for midsize companies. PacketTrap has offices in Silicon Valley and Calcutta, India.- History :...
Networks - Traffic and Traffic Flow Analyzer - Scrutinizer NetFlow and sFlow Analyzer provides deep visibility into network traffic behavior and trends. Leveraging NetFlow, J-Flow, and sFlow data, NetFlow Traffic Analyzer identifies which users and applications are consuming the most bandwidth.
- SandvineSandvineSandvine Incorporated , in Waterloo, Ontario, Canada.Sandvine network policy control products are designed to implement broad network policies, ranging from service creation, billing, congestion management, and security...
Intelligent Network Solutions measure and manage network traffic using Policy Traffic Switches - SevOneSevOneSevOne, Inc. is a venture funded network performance management software company. The SevOne Performance Appliance solution provides network managers with monitoring, troubleshooting, and performance reporting capabilities...
Network Performance Monitoring System.
The Netflow
Netflow
NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. NetFlow has become an industry standard for traffic monitoring and is supported by platforms other than Cisco IOS and NXOS such as Juniper routers, Enterasys Switches, vNetworking in version 5 of...
article also lists devices which generate and applications which analyse Cisco Netflow records.
- StreamcoreStreamcoreStreamcore is an information technology company specializing in Quality of Service , controlling/monitoring Unified Communications and application delivery management over the Wide area network . Its headquarters are located in Puteaux, France, with offices in Germany, Africa, and the Middle...
StreamGroomer features an integrated tap mechanism by means of which a copy of the actual network traffic is made and performance analysis is carried out on this replicated traffic. Regulates and measures the traffic exchanged between LAN and WAN networks.
See also
- IP Flow Information ExportIP Flow Information ExportInternet Protocol Flow Information Export is an IETF working group. It was created from the need for a common, universal standard of export for Internet Protocol flow information from routers, probes, and other devices that is used by mediation systems, accounting/billing systems, and network...
- Measuring network throughputMeasuring network throughputThroughput of a network can be measured using various tools available on different platforms. This page explains the theory behind what these tools set out to measure and the issues regarding these measurements.-Reasons for measuring throughput in networks:...
- Network managementNetwork managementNetwork management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems....
- Network monitoringNetwork monitoringThe term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages...
- Packet snifferPacket snifferA packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...
- Performance managementPerformance managementPerformance management includes activities that ensure that goals are consistently being met in an effective and efficient manner. Performance management can focus on the performance of an organization, a department, employee, or even the processes to build a product or service, as well as many...
- Traffic generation model
- Traffic shapingTraffic shapingTraffic shaping is the control of computer network traffic in order to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of packets by delaying other kinds of packets that meet certain criteria...
External links
- Monitoring and Measurement in the Next Generation Technologies ("MOMENT"), a European FP7 framework project about SOA oriented Monitoring and Measurement in ICT Networks