Traffic monitor

Hi.
Is there any software that will allow me to see what exactly software how much exactly megabytes have downloaded from the internet?
Something like list of all active connections by applications, so I can inspect WHO eating traffic.
Thanks!

Most of the options you'll find will count traffic in and out your machine. However, that's not necessarily going to tell you what you want.
For example, will it separate internet traffic vs. local traffic (e.g. that 50-page report you print counts as megabits in and out of your machine, but never touches your ISP link).
Then, at the next level, it's very hard to map the traffic to specific applications.
It's easier (but not 'easy') to map to a particular type - e.g. port 80 traffic is web traffic - but not to a particular app (e.g. FireFox vs. Safari).
The best place to see your internet volume is at your router - most routers have some support for port statistics - but that won't give any per-port or per-application stats.
So, what you're asking for (application-specific stats) is really hard to achieve.

Similar Messages

  • L4 Traffic Monitor question

    In the IronPort web security appliance documentation, it indicates that the L4 traffic monitor ports (T1 and/or T2) should be connected to either a network tap or switch span.
    I'm a little confused as to how this is supposed to be set up.
    Does it mean that you take 2 ports on a switch, one on the same subnet/vlan as the P1 interface (data) on the IronPort, and the other that is on the subnet/vlan as the firwall (outbound Internet traffic) and create 2 monitor sessions (spans)? If so, where are these sessions pointed to?
    Isn't the IronPort supposed to be doing the tapping/inspection?
    The whole external tap thing has me confused.

    Colin,
    One way to think of it is that the WSA has 2 inspection engines that don't actually talk to one another...
         1. the web proxy, where you're using WCCP to send specific traffic to
         2. the L4TM engine that you send a spanned port to to catch all of the other weird stuff.
    The web proxy does all of the user tracking/policy stuff, etc. Watching a specific set of ports.
    The L4TM is intended for malware that might be running on your net... sort of like the Botnet Traffic filter that's available on ASA.
    That said, you'll use 1 port for P1 on whatever vlan, redirection to that happens via WCCP or explicit proxy. 
    For the L4TM tap you can use 1 or 2 ports on the swtich, or none if you use an external tap.  In the Network/Interfaces page, you set whether you want L4TM to use simplex or Duplex.  If you use Duplex, just do a span session off the port the firewall is plugged into to the port that you connect T1 into...
    If you use Simplex, you do 2 span sessions off of the port the firewall is connected to... ingress traffic on the port (eg. out of the firewall) to the port T1 is connected to, egress traffic on the port (eg. going to the firewall) spanned to the port T2 is hooked up to. 
    If you use an external tap, put it inline between the firewall and the switch, set the WSA for duplex and connect the "monitor" port to T1...
    Hope that helps!
    Ken

  • Need help in generating L4 Traffic monitor logs

    Hi,
    As a part of my project I need to study different types of logs produced by Cisco IronPort. I could generate some access and authentication logs however not sure about generating the L4 Traffic Monitor logs. Can anyone point me to right documentation that will help me generate those logs?
    Thanks,
    Harshad Kashikar

    Harshad,
    L4 Traffic Monitoring needs to be configured within the IronPort - first question is do you have a SPAN/TAP port set up on your switch to capture L4 traffic?
    Second, I only use this feature to capture information on malware/spyware - I have seen P2P, IRC, and 'phone-home' traffic amongst other things.  Do you have an infected host you can monitor?
    BF

  • L4 traffic monitor - blocking traffic ?

    Hello
    How does L4 traffic monitor is blocking traffic if T1/T2 ports are "tap/sniffed ports" ?
    For SPAN we might have "ingress vlan feature" which would allow us to send TCP RST (like IPS does),
    but for hardware TAP we do not have such a feature.
    So - maybe L4 traffic monitor can not block any traffic, just make a decision what to block and execution is on WebProxy and P1/2 ports ?
    Thanks

    Michael,
    Yes, the reset is sent via P1
    Ken
    Sent from Cisco Technical Support iPad App

  • Can an Ironport work in both WCCPv2 and L4 Traffic monitoring modes at the same time?

    Hello Ciscoers,
    We have an ironport installed and we use WCCPv2 to redirect the traffic. And as it occurs, I have a need to forward the traffic for another network, that uses another path to the Internet.
    So I was thinking using the L4 Traffic Monitoring.
    To the best of your knowledge, is there a way to have the appliance use both WCCPv2 and L4 Traffic monitoring at the same time? From the configuration, it's one or the other.
    Thanks,
    J.

    Ok. I'll try.
    As a matter of fact, I plan to use policy-based routing to forward all the "interesting" traffic to the appliance.
    For your TCP-Resets not seen, do you allow ingress on the span session?
    J.

  • Traffic monitoring for Coherence 3.1

    The objective of our small project is to monitor the traffic on our coherence clusters. We also were trying to put the cache traffic as a object in the same cache name. The problem we encountered was during performance tests something happened to the coherence clusters and there appears to be some kind of lock not being released for others which made all the weblogic cluster go down. Weblogic went down with "too many open files". We have thread dumps which I can send if you guys need it nevertheless I have attached a part which I suspect is the reason.
    Heres the Code that was trying to do the monitoring. The doPut Servlet method does the put , after the put it calls a method RegisterTraffic which has a small logic to increment the count & put back into the cache. It has a Lock for the particular "Traffic" key.
    * The Servlets doPut method - Handles the Cache Put Requests
    * @param HttpServletRequest request, HttpServletResponse response
    * @return void
    * @throws CacheException
    public void doPut(HttpServletRequest request, HttpServletResponse response) throws
    ServletException, IOException {
         ServletOutputStream out = response.getOutputStream();
         String value = "";
         try {
              String id = request.getPathInfo();
              String expires = request.getHeader("Expires");
              String contentType = request.getContentType();
              String app_name = request.getHeader("App-Name");
              int contentLength = request.getContentLength();
              if (contentLength > 0) {
                   byte valueArray[] = new byte[contentLength];
                   ServletInputStream in = request.getInputStream();
                   int bytesRead = 0;
                   int offset = 0;
                   while (bytesRead > -1) {
                        bytesRead =
                             in.read(valueArray, offset, valueArray.length - offset);
                        offset += bytesRead;
                        if (offset == contentLength) {
                        break;
                   DataObject myValue = new DataObject();
                   myValue.setByte(valueArray);
                   myValue.setExpirationTime((Long.parseLong(expires))*1000);
                   Cache_Manager.put(id, myValue);
                   response.setContentType("application/octet-stream");
                   value = "ID "+id+" Stored";
                   out.write(value.getBytes());
                   out.flush();
                   RegisterTraffic(app_name,"PUT");
         } catch (Exception ex) {
              response.setContentType("application/octet-stream");
              value = "CACHE_ERROR:"+ErrorCode.INTERNAL_PROBLEM_CODE+":"+"doPut:"+ErrorCode.INTERNAL_PROBLEM_MSG;
              response.setContentLength(value.length());
              out.write(value.getBytes());
              throw new ServletException(value+"\n"+ex.getMessage());
    * The Servlets Traffic Monitor method - Handles the Traffic monitoring
    * @param appname, get or put or clear
    * @return void
    * @throws CacheException
    public void RegisterTraffic(String appName, String action) {
         String trafficKey = "Traffic";
         try {
              HashMap hmTotal = new HashMap();
              HashMap hmToday = new HashMap();
              Object obj = null;
              HIDataObject dObj = null;
              String today = (new java.util.Date().toString()).substring(0,3);
              //String today = "SAT";
              Long totalTrafficCount = new Long(1);
              Long todayTrafficCount = new Long(1);
              long totalCnt = 0;
              long todayCnt = 0;
              // Lock the Object.
              Cache_Manager.lock(trafficKey,-1);
              try{
                   dObj = (HIDataObject)Cache_Manager.get(trafficKey);
              } catch(java.lang.NullPointerException nex) {
                   // If this Exception then we are doing it for the first time.
                   // Ignore this exception
              } catch(Exception exe) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
              if (dObj != null) {
                   hmTotal = dObj.getTotalTrafficHashMap();
                   hmToday = dObj.getTodayTrafficHashMap();
              // HashMap.get will throw error for the first time , so initialize to 1.
              try{
                   totalTrafficCount = (Long)hmTotal.get(appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   todayTrafficCount = (Long)hmToday.get(today+"-"+appName+"-"+action);
              } catch(java.lang.NullPointerException nex) {
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+nex.getMessage());
              try{
                   totalCnt = totalTrafficCount.longValue();
                   todayCnt = todayTrafficCount.longValue();
              } catch (Exception e) {
              // Increase the counn here
              totalCnt++;todayCnt++;
              hmTotal.put(appName+"-"+action,new Long(totalCnt));
              hmToday.put(today+"-"+appName+"-"+action,new Long(todayCnt));
              try{
                   HIDataObject myValue = new HIDataObject();
                   myValue.setTotalTrafficHashMap(hmTotal);
                   myValue.setTodayTrafficHashMap(hmToday);
                   myValue.setExpirationTime(86400000);
                   Cache_Manager.put(trafficKey, myValue);
              } catch (Exception exe){
                   CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+exe.getMessage());
         } catch (Exception ex) {
              CacheLog.error("CACHE_ERROR: RegisterTraffic Failed with Following Exception\n"+ex.getMessage());
         } finally {
              Cache_Manager.unlock(trafficKey);
    Weblogic Thread Dumps
    "TcpRingListener" id=76 idx=0x96 tid=19164 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xc5f4238[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "DistributedCache" id=78 idx=0x98 tid=19165 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)[optimized]
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)[optimized]
    ^-- Lock released while waiting: com/tangosol/coherence/component/util/daemon/QueueProcessor$Queue@0xc5c6998[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "ListenThread.Default" id=79 idx=0x9a tid=19166 prio=5 alive, in native
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0x1729efc8[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at weblogic/socket/WeblogicServerSocket.accept()Ljava/net/Socket;(WeblogicServerSocket.java:26)
    at weblogic/t3/srvr/ListenThread.accept()Ljava/net/Socket;(ListenThread.java:735)
    at weblogic/t3/srvr/ListenThread.run()V(ListenThread.java:301)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    Blocked lock chains
    ===================
    Chain 2:
    "ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'" id=53 idx=0x70 tid=18903 waiting for java/lang/String@0x102fb4d8 held by:
    "ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'" id=52 idx=0x6e tid=18902 in chain 1
    Coherence Thread Dumps
    "PacketPublisher" id=21 idx=0x32 tid=20248 prio=6 alive, in native, waiting, daemon
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$PacketPublisher$Queue@0xcb36648[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "Cluster" id=22 idx=0x34 tid=20249 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at java/lang/Object.wait(J)V(Native Method)
    at com/tangosol/coherence/component/util/Daemon.onWait()V(Daemon.CDB:9)
    ^-- Lock released while waiting: com/tangosol/coherence/component/net/Cluster$ClusterService$Queue@0xcb30190[fat lock]
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:31)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "PO Async Executor" id=27 idx=0x36 tid=20436 prio=5 alive, in native, waiting, daemon
    -- Waiting for notification on: java/lang/Object@0xa7573d8[fat lock]
    at jrockit/vm/Threads.waitForSignal(J)Z(Native Method)
    at jrockit/vm/Locks.wait(Ljava/lang/Object;J)V(Unknown Source)
    at java/lang/Object.wait()V(Native Method)
    at com/wily/EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue.take()Ljava/lang/Object;(BoundedLinkedQueue.java:225)
    ^-- Lock released while waiting: java/lang/Object@0xa7573d8[fat lock]
    at com/wily/EDU/oswego/cs/dl/util/concurrent/QueuedExecutor$RunLoop.run()V(QueuedExecutor.java:82)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)
    -- end of trace
    "TcpRingListener" id=24 idx=0x38 tid=20252 prio=6 alive, in native, daemon
    at java/net/PlainSocketImpl.socketAccept(Ljava/net/SocketImpl;)V(Native Method)
    at java/net/PlainSocketImpl.accept(Ljava/net/SocketImpl;)V(PlainSocketImpl.java:353)
    ^-- Holding lock: java/net/PlainSocketImpl@0xd441530[thin lock]
    at java/net/ServerSocket.implAccept(Ljava/net/Socket;)V(ServerSocket.java:448)
    at java/net/ServerSocket.accept()Ljava/net/Socket;(ServerSocket.java:419)
    at com/tangosol/coherence/component/net/socket/TcpSocketAccepter.accept()Lcom/tangosol/coherence/component/net/socket/TcpSocket;(TcpSocketAccepter.CDB:17)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.acceptConnection()V(TcpRingListener.CDB:9)
    at com/tangosol/coherence/component/util/daemon/TcpRingListener.onNotify()V(TcpRingListener.CDB:1)
    at com/tangosol/coherence/component/util/Daemon.run()V(Daemon.CDB:34)
    at java/lang/Thread.run()V(Unknown Source)
    at jrockit/vm/RNI.c2java(IIII)V(Native Method)

    Hi user638596.
    Frankly, there is not enough information to go by. The code you pointed to is definitely not "bullet proof". First, after the lock has been acquired, it only catches Exceptions, so any Errors (e.g. OutOfMemoryError) would "leak" a lock. In general, the locking-protected code should look like (in pseudo-code):
    lock();
    try
      operations();
    finally
      unlock();
      }However, without seeing the log files and entire thread dump, it's impossible to figure out a real reason. I'd suggest you to submit those to our support at Oracle Metalink.
    Regards,
    Gene

  • [Request] NTM - Network Traffic Monitor

    Hi to everyone:
    Could anyone package this?: NTM - Network Traffic Monitor
    NTM is a monitor of the network and internet traffic for GNU/Linux. Some characteristics:
        * Choice of the interface to monitoring.
        * Period to monitoring: Day, Week, Month, Year or Custom Days. With autoupdate.
        * Threshold: Autodisconnection if a limit is reached (by NetworkManager).
        * Traffic Monitoring: Inbound, outbount and total traffic; Show the traffic speed.
        * Time Monitoring: Total time of connections in the period.
        * Time Slot Monitoring: Number of sessions used.
        * Reports: Show of average values and daily traffic of a configurable period.
        * Online checking with NetworkManager or by "Ping Mode".
        * The traffic is attributed to the day when the session began.
        * Not need root privilege.
        * Not invasive, use a system try icon.
    NTM is useful for the people that have a internet plan with a limit, and moreover the exceed traffic is expensive.
    NTM is write in python and is a open source software, the license is the GNU GPL v2.
    A lot of thanks.

    #Maintairner: Brieuc Roblin <brieuc.roblin at gmail dot com>
    pkgname='ntm'
    pkgver='1.2.2'
    pkgrel='1'
    pkgdesc="Monitor of the network and internet traffic"
    arch=('i686' 'x86_64')
    license=('GPL')
    depends=('pywebkitgtk' 'lsb-release' 'networkmanager')
    makedepends=('dpkg')
    url=('http://netramon.sourceforge.net/eng/index.html')
    source=('http://freefr.dl.sourceforge.net/project/netramon/NTM/ntm-1.x/ntm-1.2.2.deb')
    md5sums=('ec438b8c952ac866ffdaa57538d189b7')
    build() {
    cd "$srcdir"
    # Extracting deb
    msg2 "Extracting .deb ..."
    dpkg-deb -x ntm-*.deb deb
    cd "deb"
    # Installing
    msg2 "Installing..."
    cp -r . "$pkgdir"/
    I can't really test the program as I'm not using NetworkManager.
    Last edited by PyrO_70 (2010-08-20 19:18:24)

  • Cisco WSA : no data found in L4 traffic monitor summary

    Hello !
    Does L4 traffic monitor only display rogue traffic ? Because, I made a packet capture on the T1 interface and i saw that there was a lot of traffic but in the overview, no data was found in the field "L4 Traffic Monitor Summary". Is it normal ? There is a screenshot in enclosed files.
    Thank you,
    Stephane Walker

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • UDP traffic analyzed in L4 traffic monitor?

    Dear all,
    I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?
    It just tells "all ports" in the settings and reports also only reflect port numbers but no details like
    which protocol (tcp/udp).
    Anyone?
    Best,
    Hascha

    UDP ports will not be blocked.
    The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist.  Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.
    I have not tested this so someone correct me if I am wrong.  I am answering this based on my understanding of the L4TM feature, and how it works.  Since UDP is connectionless, there is no connection for it to kill.
    Now this makes me wonder about the Monitor feature though.  But I am almost certain it will not block if the action is set to block.
    I'll check this out when I'm in the office and will get back to you.
    -Vance

  • Traffic monitoring

    I have a Cisco 4507 and would like to start monitoring traffic analysis and must admit Im a beginer so any information would be gratefully received

    Hello,
    you can use netflow traffic monitoring and analyzis. More information about netflow you can read on the cisco pages http://www.cisco.com/go/netflow or in the documentation of our software on the: http://www.caligare.com/netflow/download.php (section appendix 1). If you have more questions regarding netflow let me know...
    Jan
    Caligare Co.
    http://www.caligare.com

  • 24 Hr Network Traffic Monitoring

    Hi Markus,
    I got this 24-hour Network traffic monitoring output using the program you gave me ;)
    I run every hour this > ./network-traffic.sh -c 1
    It will give me 1 line output like this,
    Monitoring eth0 every 3 seconds. (RXbyte total = 1 Gb TXbytes total = 2 Gb)
    RXbytes = 58 Kb TXbytes = 51 Kband I call this program every hour via cron, to produce and output like this:
    27-Oct-2010 00:00:07    RXbytes = 10 Kb TXbytes = 9 Kb
    27-Oct-2010 01:00:07    RXbytes = 11 Kb TXbytes = 9 Kb
    27-Oct-2010 02:00:07    RXbytes = 7 Kb TXbytes = 6 Kb
    27-Oct-2010 03:00:07    RXbytes = 48 Kb TXbytes = 42 Kb
    27-Oct-2010 04:00:07    RXbytes = 448 b TXbytes = 0 b
    27-Oct-2010 05:00:08    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 06:00:07    RXbytes = 128 b TXbytes = 0 b
    27-Oct-2010 07:00:08    RXbytes = 256 b TXbytes = 0 b
    27-Oct-2010 08:00:08    RXbytes = 14 Kb TXbytes = 24 Kb
    27-Oct-2010 09:00:07    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 10:00:08    RXbytes = 11 Kb TXbytes = 10 Kb
    27-Oct-2010 11:00:07    RXbytes = 48 Kb TXbytes = 85 Kb
    27-Oct-2010 12:00:08    RXbytes = 9 Kb TXbytes = 8 Kb
    27-Oct-2010 13:00:07    RXbytes = 13 Kb TXbytes = 28 Kb
    27-Oct-2010 14:00:08    RXbytes = 53 Kb TXbytes = 46 Kb
    27-Oct-2010 15:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 16:00:08    RXbytes = 13 Kb TXbytes = 20 Kb
    27-Oct-2010 17:00:08    RXbytes = 40 Kb TXbytes = 94 Kb
    27-Oct-2010 18:00:07    RXbytes = 13 Kb TXbytes = 30 Kb
    27-Oct-2010 19:00:08    RXbytes = 6 Kb TXbytes = 9 Kb
    27-Oct-2010 20:00:08    RXbytes = 12 Kb TXbytes = 12 Kb
    27-Oct-2010 21:00:08    RXbytes = 15 Kb TXbytes = 40 Kb
    27-Oct-2010 22:00:07    RXbytes = 9 Kb TXbytes = 11 Kb
    27-Oct-2010 23:00:07    RXbytes = 11 Kb TXbytes = 9 KbIs this output data gathering style valid?
    I want to give this report to my boss using spreadsheets, but I want to put comments like :
    1. at what hour is the network busiest?
    2. at what hour is the network the not-busiest?
    How do I sort this output from busiest (descending order)?
    Thanks a lot,
    Ms K

    Hi again markie,
    This is my actual source code of eth0stat.sh:
    # File: eth0stat.sh
    # Purpose: Gather network traffic increase between readings
    # Command: . ./eth0stat.sh
    ifcmd='/sbin/ifconfig eth0'
    timestamp=$(date "+%D %T")
    logfile=/u01/Monitor/eth0stat.txt
    old_rxbytes=$RXBYTES
    old_txbytes=$TXBYTES
    get_rxbytes() {
       $ifcmd | grep "RX bytes" | cut -d: -f2 | awk '{ print $1 }'
    get_txbytes() {
       $ifcmd | grep "TX bytes" | cut -d: -f3 | awk '{ print $1 }'
    RXBYTES=$(get_rxbytes); export RXBYTES
    TXBYTES=$(get_txbytes); export TXBYTES
    if [ $old_rxbytes > 0 ]; then
       diff_rxbytes=$(($RXBYTES - $old_rxbytes))
    else
       diff_rxbytes=0
    fi
    if [ $old_txbytes > 0 ]; then
       diff_txbytes=$(($TXBYTES - $old_txbytes))
    else
       diff_txbytes=0
    fi
    echo "$timestamp,RXbytes:$diff_rxbytes,TXbytes:$diff_txbytes" >> $logfileI created the new program you gave me (eth0stat.sh) and called it from cron every our, but I got this result:
    11/01/10 15:00:07,RXbytes:0,TXbytes:0
    11/01/10 16:00:07,RXbytes:0,TXbytes:0
    11/01/10 17:00:07,RXbytes:0,TXbytes:0
    11/01/10 18:00:07,RXbytes:0,TXbytes:0
    11/01/10 19:00:07,RXbytes:0,TXbytes:0
    11/01/10 20:00:07,RXbytes:0,TXbytes:0
    11/01/10 21:00:07,RXbytes:0,TXbytes:0
    11/01/10 22:00:08,RXbytes:0,TXbytes:0
    11/01/10 23:00:07,RXbytes:0,TXbytes:0
    11/02/10 00:00:07,RXbytes:0,TXbytes:0
    11/02/10 01:00:08,RXbytes:0,TXbytes:0
    11/02/10 02:00:08,RXbytes:0,TXbytes:0
    11/02/10 03:00:07,RXbytes:0,TXbytes:0
    11/02/10 04:00:07,RXbytes:0,TXbytes:0
    11/02/10 05:00:07,RXbytes:0,TXbytes:0
    11/02/10 06:00:08,RXbytes:0,TXbytes:0
    11/02/10 07:00:08,RXbytes:0,TXbytes:0
    11/02/10 08:00:07,RXbytes:0,TXbytes:0
    11/02/10 09:00:08,RXbytes:0,TXbytes:0
    11/02/10 10:00:08,RXbytes:0,TXbytes:0The output has all 0 bytes :( . Is there something I missed out?
    I compared it to the other one I got:
    1-Nov-2010 15:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 16:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 17:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 18:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 19:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 20:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 21:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 22:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    1-Nov-2010 23:00:07     RXbytes = 11 Kb TXbytes = 9 Kb
    2-Nov-2010 00:00:07     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 01:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 02:00:08     RXbytes = 10 Kb TXbytes = 9 Kb
    2-Nov-2010 03:00:07     RXbytes = 7 Kb TXbytes = 6 Kb
    2-Nov-2010 04:00:07     RXbytes = 256 b TXbytes = 0 b
    2-Nov-2010 05:00:07     RXbytes = 320 b TXbytes = 0 b
    2-Nov-2010 06:00:08     RXbytes = 0 b TXbytes = 0 b
    2-Nov-2010 07:00:08     RXbytes = 466 b TXbytes = 0 b
    2-Nov-2010 08:00:07     RXbytes = 1 Mb TXbytes = 19 Mb
    2-Nov-2010 09:00:08     RXbytes = 1 Mb TXbytes = 22 Mb
    2-Nov-2010 10:00:08     RXbytes = 12 Kb TXbytes = 91 KbThe is seem to be movement starting at 8am Nov 2, 2010.
    Please help me debug the eth0stat.sh.
    Thanks again so much

  • Looking for an internal traffic monitor for a RV042

    I have an RV042 router and I'm looking to monitor the total upstream and downstream traffic from within the router. I know there is tons of software that I can put on a network computer to monitor traffic, but is there any software that I can put on the router itself that will monitor the traffic from within the router?                  

    James,
    This doesn't reside on the RV042, but I think its as close as you're going to get. Check out these threads:
    http://www.dslreports.com/forum/remark,16725884
    http://forums.cacti.net/about35626.html
    Another popular one is Kiwi (Solarwinds now)
    There are also many other SNMP monitoring tools you could use.
    Best,
    David
    Please rate helpful posts and identify correct answers.

  • Unknown network traffic / router traffic monitoring

    So I got a new PC with windows 7 on it, and I installed this gadget that monitors network traffic, and it shows a lot of traffic that my local PC isn't showing, so I am thinking there is something running on the LAN that I can't see. I was looking to find a live, better program to monitor the actiontec router, for traffic. anyone know of anything that can maybe show me who is using all the bandwidth on my network?
    i have found software for Linksys, but nothing for the Actiontec.
    Thanks,
    Quasimodem
    Fios in Florida
    Solved!
    Go to Solution.

    Keep in mind that when looking at Wireshark (sniffer) software there are different types of traffic:
    Unicast
    Broadcast
    Multicast
    Unicast is traffic between two devices.  You will see the traffic between the PC with wireshark and another device on your local network such as a printer, another PC or the Router.  You should not see traffic between another PC and the Internet for example.  Using a phone as an example some calls you and the conversation is between you and the person on the other end of the phone.  This is unicast traffic.  Using defaults of the actiontec, IP address seen will be 192.168.1.1 for the router and 192.168.1.2-99 for devices on your network.  If you have the TV service, 192.168.1.100-1xx is used for the cable boxes.
    Broadcast traffic is traffic sent to all devices.  Its not directed toward a particular PC but rather usually looking for information.  In a sniffer trace you will see broadcast traffic. Going back to the phone example, someone makes an announcement on an overhead intercom system that is broadcast traffic.  Broadcast traffic will be seen as 192.168.255.255
    Multicast traffic is traffic from one device for many devices.  Usually used in video feeds.   Using the phone system as an example someone wishes to tell a group of people something so instead of calling each person up and telling them each person who wants the information joins a conference bridge.  Anyone is allowed to listen but only those that wish to get the information receive it.  Generally how multicast works.  Multicast traffic will be seen as IP address 224.x.x.x or something of the sorts where the address will be 2xx.x.x.x.  
    I hope this makes sense.  Probably more information than you needed but at least it will help you understand what wireshark is telling you.

  • Network traffic monitor

    Hi! I bought a WRT310N wireless router a few weeks ago and I must say I am pretty satisfied with it.
    However, I've been looking for something to monitor the traffic on my local network. The easylink advisor just shows me who is connected. Is there a more advanced software that makes me monitor more exactly the traffic from each connected computer? 
    Thanks for the help!
    //Chris

    No. Not with these cheap routers. There is no way to monitor the traffic going through the router nor the LAN traffic going through the switch.

  • Traffic Monitor over WAN

    Hi,
    I have two network in different location connected through WAN.  Which is in Sweden and another location is in UK, this two location is connected via WAN and entire network is accessible from one location to another.
    Due to some reason I need to monitor traffic of Sweden Network from UK.  Could you please help me out on this.  How do I monitor traffic from different location.

    Go to ftp://ftp.linksys.com/pub/network/ and download log viewer utility for router…check whether it helps you or not.

  • LMS 4.2 and traffic monitor

    Hello
    is there any way to monitor traffic type passing through the WAN links on routers using LMS 4.2 ?

    any idea ?
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for

  • Apple TV; sharing to my iPad and iPhone works but not to wife's iPad or iPhone?

    My apologies, I have been searching FAQ's and couldn't find any resolution - it is late for me! Purchased new Apple TV (2nd gen) last week and after solving slow internet issues set up all content to be "home shared" to my devices (iPad 2, iPhone 4)

  • Can I create a dashboard layout on the fly?

    Hi all, I am trying to create a dashboard layout "on-the-fly" (dynamically). for example: I can create the following layout using MXML very easily: [CODE] <mx:VBox width="100%" height="100%" horizontalAlign="center"> <mx:Canvas id="dashboardCanvas" w

  • Incorrect Withholding TAX Split when using Installment Payment term

    Hi SAP Gurus, When we are using installment payments, the withholding tax is split and calculated in as many vendor positions as the installment payment term dictates. In our location (ECUADOR) it is necesary to calculate the Withholding TAX adding a

  • In What Format datas are stored in the LabView???

    Hello Friends                 In what Format datas are stored in the Labview.Likewise Icon,Text format Etc. Jayavel

  • PI Timestamp incorrect in java stack

    Dear All, In the java stack-> runtime workbench  (Communication Channel Monitoring) the logs time stamp shows 1 hour back….. Whereas the same message log timestamp when checked in the abap stack shows the correct time. All the default java logs which